gcleaner | ded89a2c0a3d7cacb027db23114da3019b9c7cb1093b2f910ece25a973105f63 | Triage

Submit
Reports

Overview

overview

Static

static

3

a9055d232b...18.exe

windows7-x64

a9055d232b...18.exe

windows10-2004-x64

Sharing

General

Target

a9055d232b4fdf90f6edba6299dfd205_JaffaCakes118
Size

485KB
Sample

240614-lp2tmavepd
MD5

a9055d232b4fdf90f6edba6299dfd205
SHA1

2de37e78f40c7bfb2e0bc84ebb953c316b702e13
SHA256

ded89a2c0a3d7cacb027db23114da3019b9c7cb1093b2f910ece25a973105f63
SHA512

7168825f00daa177754c8ea1642be5b8e35dc917c78988956cdb193122bd81b6cd78464e1b18cd7021af4bf3bfe63a4982d83e389f6a9caf4515c0c5d8fde04d
SSDEEP

12288:8cBY8qvc2zpou3mBDS6MR2fl9bIcgTp1GD9:89plou2BDSnAfrk3Tp1GD

Score

10^/10

gcleaner vidar loader stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a9055d232b4fdf90f6edba6299dfd205_JaffaCakes118.exe

Resource

win7-20240221-en

gcleaner vidar loader stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9055d232b4fdf90f6edba6299dfd205_JaffaCakes118.exe

Resource

win10v2004-20240611-en

gcleaner vidar loader stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9055d232b4fdf90f6edba6299dfd205_JaffaCakes118
- Size
  
  485KB
- MD5
  
  a9055d232b4fdf90f6edba6299dfd205
- SHA1
  
  2de37e78f40c7bfb2e0bc84ebb953c316b702e13
- SHA256
  
  ded89a2c0a3d7cacb027db23114da3019b9c7cb1093b2f910ece25a973105f63
- SHA512
  
  7168825f00daa177754c8ea1642be5b8e35dc917c78988956cdb193122bd81b6cd78464e1b18cd7021af4bf3bfe63a4982d83e389f6a9caf4515c0c5d8fde04d
- SSDEEP
  
  12288:8cBY8qvc2zpou3mBDS6MR2fl9bIcgTp1GD9:89plou2BDSnAfrk3Tp1GD
Score

10^/10

gcleaner vidar loader stealer
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleanervidarloaderstealer

behavioral2

gcleanervidarloaderstealer

© 2018-2024

Terms | Privacy