gcleaner | b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac | Triage

Submit
Reports

Overview

overview

Static

static

1

b17162f897...ac.exe

windows7-x64

b17162f897...ac.exe

windows10-2004-x64

Sharing

General

Target

b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac.exe
Size

2.8MB
Sample

230405-m6vx3sea44
MD5

77b5fc3a6fa011dcd4ce255ef17a7e0e
SHA1

3ee0cce647963d106a1a883a7de8b7fdccba9a82
SHA256

b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac
SHA512

c5c6fb58032184bab9f272beb314879bc8e6a1856f18de29ef882368ef7673e934207e43e587f6a2d8b2b9e25fcaa6dfb2be21e262b4edce7801d6edd461d113
SSDEEP

49152:AG+V7ALQ/AYAFxfBP5H6ChYM0jrwTzecwvIcxLQV8tH6aSPgZU9MTt4ZeOKz:d+VQFLfBQCSwTCczcKVIHmNqWZeOKz

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac.exe
- Size
  
  2.8MB
- MD5
  
  77b5fc3a6fa011dcd4ce255ef17a7e0e
- SHA1
  
  3ee0cce647963d106a1a883a7de8b7fdccba9a82
- SHA256
  
  b17162f897bd018c87b3ae454dfb04c43f3921c0cba9f8ef56f237da9f0e18ac
- SHA512
  
  c5c6fb58032184bab9f272beb314879bc8e6a1856f18de29ef882368ef7673e934207e43e587f6a2d8b2b9e25fcaa6dfb2be21e262b4edce7801d6edd461d113
- SSDEEP
  
  49152:AG+V7ALQ/AYAFxfBP5H6ChYM0jrwTzecwvIcxLQV8tH6aSPgZU9MTt4ZeOKz:d+VQFLfBQCSwTCczcKVIHmNqWZeOKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy