gcleaner | 9ab39edf384daac9f1c4e6b44e7af427618696b1d0b4d04d737a1e06b412c09b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ab39edf384daac9f1c4e6b44e7af427618696b1d0b4d04d737a1e06b412c09b.exe
Size

358KB
Sample

240823-l5xjvazgqk
MD5

9aef8b7dac7aae11eb1a6d9b3139d2f6
SHA1

bedf56bce5bfb1fb13a08aed786f0bca2b6aea99
SHA256

9ab39edf384daac9f1c4e6b44e7af427618696b1d0b4d04d737a1e06b412c09b
SHA512

438f62b685b0ea5d5b04481fd385651d9acbf16bb10ce59f9493e7198a1f116f8c32a428ee61210eb2dea38a47cdd87998f128067e4470bc1adfd753652909b8
SSDEEP

6144:rI0hSZI/iJ3PAjcyAEZClf0ekFKgK/HdXDVJ7/qDGWk3OMi:rxhSZIaJ3PAY4CcdfK/HNV1/1/eM

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  9ab39edf384daac9f1c4e6b44e7af427618696b1d0b4d04d737a1e06b412c09b.exe
- Size
  
  358KB
- MD5
  
  9aef8b7dac7aae11eb1a6d9b3139d2f6
- SHA1
  
  bedf56bce5bfb1fb13a08aed786f0bca2b6aea99
- SHA256
  
  9ab39edf384daac9f1c4e6b44e7af427618696b1d0b4d04d737a1e06b412c09b
- SHA512
  
  438f62b685b0ea5d5b04481fd385651d9acbf16bb10ce59f9493e7198a1f116f8c32a428ee61210eb2dea38a47cdd87998f128067e4470bc1adfd753652909b8
- SSDEEP
  
  6144:rI0hSZI/iJ3PAjcyAEZClf0ekFKgK/HdXDVJ7/qDGWk3OMi:rxhSZIaJ3PAY4CcdfK/HNV1/1/eM
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader