gcleaner | d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687 | Triage

Sharing

General

Target

999ce981075f5220da3b60405de5a153.exe
Size

368KB
Sample

240614-wnk5lavcrq
MD5

999ce981075f5220da3b60405de5a153
SHA1

3b92e8ebd076991db92be24bfa63dfea05a0c298
SHA256

d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687
SHA512

087dee6d3b52d49e5a42406f8d8d306637cfd3a4c3f984b9be46ccaf8e2a896ea489edeeb75627cd2d6311359824c53265d7f2231e1bce6b4591379fa944bedc
SSDEEP

6144:uw1gc73/WolE+EF6YIczP138yJWt32WLaQF1TGX6BSdTH:Sc7Fg6DEPxf23Fjv6quH

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  999ce981075f5220da3b60405de5a153.exe
- Size
  
  368KB
- MD5
  
  999ce981075f5220da3b60405de5a153
- SHA1
  
  3b92e8ebd076991db92be24bfa63dfea05a0c298
- SHA256
  
  d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687
- SHA512
  
  087dee6d3b52d49e5a42406f8d8d306637cfd3a4c3f984b9be46ccaf8e2a896ea489edeeb75627cd2d6311359824c53265d7f2231e1bce6b4591379fa944bedc
- SSDEEP
  
  6144:uw1gc73/WolE+EF6YIczP138yJWt32WLaQF1TGX6BSdTH:Sc7Fg6DEPxf23Fjv6quH
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2