gcleaner | 6d903011eb7a878497a0a749dd5091ccbc09fb23cc2fb2410db90fbcaf778eeb | Triage

Submit
Reports

Overview

overview

Static

static

1

b6d2e7eae8...c2.exe

windows7-x64

b6d2e7eae8...c2.exe

windows10-2004-x64

Sharing

General

Target

1aefd3558d121b2048062d306782f6ea.bin
Size

1.7MB
Sample

230331-bgzn7aga93
MD5

07ea7ad398e606c23fee046411dd60d8
SHA1

76fb7ca537663753c4f19c11f564622f40958a35
SHA256

6d903011eb7a878497a0a749dd5091ccbc09fb23cc2fb2410db90fbcaf778eeb
SHA512

4cbea0b6a098e158d5d220b955fa29e7b0b47dc82865e1a18c526b04870142eec33f4003c88b22a9ca67a4ccfa51f8f7bc5a19a7cbc147ff52674fdcca1ffab5
SSDEEP

49152:4LOREPXvGqpuQ6eYmHi6DK/v4B6KOmCeI9kk:wpP/GqphHXun4aveI9kk

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

b6d2e7eae8f6d062cd506523cab7f94fa8ceac7024c841d4be6e56be14c820c2.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b6d2e7eae8f6d062cd506523cab7f94fa8ceac7024c841d4be6e56be14c820c2.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b6d2e7eae8f6d062cd506523cab7f94fa8ceac7024c841d4be6e56be14c820c2.exe
- Size
  
  1.7MB
- MD5
  
  1aefd3558d121b2048062d306782f6ea
- SHA1
  
  9abc26479017fbaddbe77bc3e45c2d1904e6c9ea
- SHA256
  
  b6d2e7eae8f6d062cd506523cab7f94fa8ceac7024c841d4be6e56be14c820c2
- SHA512
  
  22ae21e9c25df28b99e3e59bf764ab982f685858048a6f0aad9b9d0dd1334db5bbdfc83edcfb29976db50d0336914d5aad4a93457196a89362a591cd23947d64
- SSDEEP
  
  49152:EGlJfs4K18hD9Di6978+MRlHSrTDEqB9tkM55dlLYp:5rKChBR978pb23N9KsPYp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy