gcleaner | d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687 | Triage

Submit
Reports

Overview

overview

Static

static

3

d580cf5c59...87.exe

windows7-x64

d580cf5c59...87.exe

windows10-2004-x64

Sharing

General

Target

d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687.exe
Size

368KB
Sample

240615-cpgn1szcjk
MD5

999ce981075f5220da3b60405de5a153
SHA1

3b92e8ebd076991db92be24bfa63dfea05a0c298
SHA256

d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687
SHA512

087dee6d3b52d49e5a42406f8d8d306637cfd3a4c3f984b9be46ccaf8e2a896ea489edeeb75627cd2d6311359824c53265d7f2231e1bce6b4591379fa944bedc
SSDEEP

6144:uw1gc73/WolE+EF6YIczP138yJWt32WLaQF1TGX6BSdTH:Sc7Fg6DEPxf23Fjv6quH

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687.exe

Resource

win7-20240611-en

gcleaner loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687.exe

Resource

win10v2004-20240611-en

gcleaner loader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687.exe
- Size
  
  368KB
- MD5
  
  999ce981075f5220da3b60405de5a153
- SHA1
  
  3b92e8ebd076991db92be24bfa63dfea05a0c298
- SHA256
  
  d580cf5c5974abebad470cf01f14bb9e1fa4d462fdc68774f10f03b6c852d687
- SHA512
  
  087dee6d3b52d49e5a42406f8d8d306637cfd3a4c3f984b9be46ccaf8e2a896ea489edeeb75627cd2d6311359824c53265d7f2231e1bce6b4591379fa944bedc
- SSDEEP
  
  6144:uw1gc73/WolE+EF6YIczP138yJWt32WLaQF1TGX6BSdTH:Sc7Fg6DEPxf23Fjv6quH
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Detects Windows executables referencing non-Windows User-Agents
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy