gcleaner | b242612fab32f3a2bc44033c804e586a12fd450795ba68510a32c67059b6d7b1 | Triage

Submit
Reports

Overview

overview

Static

static

1

b8406c0265...4b.exe

windows7-x64

b8406c0265...4b.exe

windows10-2004-x64

Sharing

General

Target

b8406c0265685a3472517f1b8b5d514b.exe
Size

2.1MB
Sample

230405-16r33sbh5z
MD5

b8406c0265685a3472517f1b8b5d514b
SHA1

1c94df97a4580e48860b5d8b543f3ef5b6f5c0d7
SHA256

b242612fab32f3a2bc44033c804e586a12fd450795ba68510a32c67059b6d7b1
SHA512

ebb457e8e4cafa9e0197e235f029b3a67ba1136e93440d638f26251a2a71b120be788579468f56ab271222b42006ddb54979aaa8cd99a652ba84bee7bf382586
SSDEEP

49152:NJ4HLiAIg8bZGZLggVaa6acVbId2cD/ki+aHT+:NJ4HWBXALg+56pkd2+/kl4T+

Score

10^/10

gcleaner raccoon 81620d6b0f6e4fbb3048818577e1f9be loader spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

b8406c0265685a3472517f1b8b5d514b.exe

Resource

win7-20230220-en

gcleaner loader spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8406c0265685a3472517f1b8b5d514b.exe

Resource

win10v2004-20230220-en

gcleaner raccoon 81620d6b0f6e4fbb3048818577e1f9be loader spyware stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Extracted

Family

raccoon

Botnet

81620d6b0f6e4fbb3048818577e1f9be

C2

http://91.201.115.148

rc4.plain

Targets

- Target
  
  b8406c0265685a3472517f1b8b5d514b.exe
- Size
  
  2.1MB
- MD5
  
  b8406c0265685a3472517f1b8b5d514b
- SHA1
  
  1c94df97a4580e48860b5d8b543f3ef5b6f5c0d7
- SHA256
  
  b242612fab32f3a2bc44033c804e586a12fd450795ba68510a32c67059b6d7b1
- SHA512
  
  ebb457e8e4cafa9e0197e235f029b3a67ba1136e93440d638f26251a2a71b120be788579468f56ab271222b42006ddb54979aaa8cd99a652ba84bee7bf382586
- SSDEEP
  
  49152:NJ4HLiAIg8bZGZLggVaa6acVbId2cD/ki+aHT+:NJ4HWBXALg+56pkd2+/kl4T+
Score

10^/10

gcleaner loader spyware stealer upx raccoon 81620d6b0f6e4fbb3048818577e1f9be
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerloaderspywarestealerupx

behavioral2

gcleanerraccoon81620d6b0f6e4fbb3048818577e1f9beloaderspywarestealerupx

© 2018-2024

Terms | Privacy