gcleaner | bcdff75cf29491be65435d6e95bdf06e0ad574027a5bb6251a8ba8d5bc2b7e07 | Triage

Submit
Reports

Overview

overview

Static

static

1

83ec2ce52a...3a.exe

windows7-x64

83ec2ce52a...3a.exe

windows10-2004-x64

Sharing

General

Target

83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
Size

3.0MB
Sample

230410-svj94aec38
MD5

9ce497f9fcb40cf830a32e465a6d3065
SHA1

919a4f641af9b7e739f5de4ab10c8138c4aea5d2
SHA256

bcdff75cf29491be65435d6e95bdf06e0ad574027a5bb6251a8ba8d5bc2b7e07
SHA512

cf7236d1c03bf8fcdffc3d02fda70a3a4a9b15a3d5e21e16291bc99fb8761c62dd1c06c21c0e78009c437d6abd8697b18f5fded767c7227497eabbe0a78abb60
SSDEEP

49152:U+2Pn4rHTRwIa0GppQUXTN2U//MWDTkCHmXnEIytVQFpcv/bDlWTyQL:iPgtwBrjN/RdHg0tVnbJWma

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
- Size
  
  3.0MB
- MD5
  
  67e7d4fcd2ef117fcb034190a100ef7e
- SHA1
  
  787b2c8372cc61c7de142439e5346971e2003e93
- SHA256
  
  83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
- SHA512
  
  45d66912e9af4f6d51db860f914fe5026d1c91e71e113bf1f9c9637b0f4d1f4cb79de39db3cd9537fd13fffb1c48357308a670c0eb3bf9cfdad1fd459ce4f1d5
- SSDEEP
  
  49152:qGlJfsV+sv34rhbRIYaKGxZqUNTF2o/ZOWDnq6HydTCOk5VcF1cRbNDBWHygU:7cv+1IfB5Fj3HHCM575NVWSt
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy