gcleaner | f29e4d6fca07aa33e4eb130e016f874ca6c9e97a36d2b27203fcb20a1213fac7 | Triage

Submit
Reports

Overview

overview

Static

static

1

550d53c4af...61.exe

windows7-x64

550d53c4af...61.exe

windows10-2004-x64

Sharing

General

Target

550d53c4afde2b015c0cadd9241c288a6170d0fe3d39e76718c22571a5114761
Size

2.9MB
Sample

230410-t2vj3sgd21
MD5

e97101cd7e7697572666ce0b19caef43
SHA1

1a32dc7a8b259e99388724eb43a1f21030d989c3
SHA256

f29e4d6fca07aa33e4eb130e016f874ca6c9e97a36d2b27203fcb20a1213fac7
SHA512

45f31ea6661b4db132c08917b46dde58f5709f95039040663424cdeff68f3cbe9c25e0b3468c2be2a4f82e88d3ad1728b703f5110c8a908771275767b973c6bf
SSDEEP

49152:5bnRBh6W8yOttD9Z3rT/wqDbNhZa/0hpjn3wMP+8ZbfAMuZYNDT5JXKSzyoQ:5bnfh4Vt3LwEJhZa/0jn3wI+ALAMuSN4

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

550d53c4afde2b015c0cadd9241c288a6170d0fe3d39e76718c22571a5114761.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

550d53c4afde2b015c0cadd9241c288a6170d0fe3d39e76718c22571a5114761.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  550d53c4afde2b015c0cadd9241c288a6170d0fe3d39e76718c22571a5114761
- Size
  
  2.9MB
- MD5
  
  fb1046051d0210b51478ae619c68672d
- SHA1
  
  6fac362191ac9d2bb37890a9ffd922915edf14d6
- SHA256
  
  550d53c4afde2b015c0cadd9241c288a6170d0fe3d39e76718c22571a5114761
- SHA512
  
  e611664e4636443220058c50bc7fae9ca7a276d5678911d920527aa2d3ccf7964ae43d6df1c6e2e0b8509bff1146d2a97c06a36f228022c091bac607bf54c386
- SSDEEP
  
  49152:qGlJfsZyJxth6WcWOHtz9r1R7DwIFdfnfu18znjf7eQfOEL1fAA8ZYrjx55zqWHw:7PJXh4Tt9fwaVnfu1Yjf7eaOoVAA8SrG
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy