gcleaner | 3a93bef7e2b3952a1fbc237ef1fd3502ac3284a6573ac11ee333fcb06e8c0840 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a93bef7e2b3952a1fbc237ef1fd3502ac3284a6573ac11ee333fcb06e8c0840
Size

357KB
Sample

240824-nlldkszbkj
MD5

2c9b8d535d1718c795837be91582fc85
SHA1

b8a77635ae398e575ce423d2dc1fdce8c93bd696
SHA256

3a93bef7e2b3952a1fbc237ef1fd3502ac3284a6573ac11ee333fcb06e8c0840
SHA512

cee89b6e17ef6f355ff011a889c46a7d80b418632fe5e3bb99342a74f9a1e465358e4dbf89f6280ff603274f2efc3e09ad603bd7c6173f8417df7da486652c40
SSDEEP

6144:TXsplI+HmM9O08ltyfi53ZJ9fmSDtbxqf8ZVmoOv1a5mw:Tcpi+t9O0V63X9fmqLqf8Z8zv1AZ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  3a93bef7e2b3952a1fbc237ef1fd3502ac3284a6573ac11ee333fcb06e8c0840
- Size
  
  357KB
- MD5
  
  2c9b8d535d1718c795837be91582fc85
- SHA1
  
  b8a77635ae398e575ce423d2dc1fdce8c93bd696
- SHA256
  
  3a93bef7e2b3952a1fbc237ef1fd3502ac3284a6573ac11ee333fcb06e8c0840
- SHA512
  
  cee89b6e17ef6f355ff011a889c46a7d80b418632fe5e3bb99342a74f9a1e465358e4dbf89f6280ff603274f2efc3e09ad603bd7c6173f8417df7da486652c40
- SSDEEP
  
  6144:TXsplI+HmM9O08ltyfi53ZJ9fmSDtbxqf8ZVmoOv1a5mw:Tcpi+t9O0V63X9fmqLqf8Z8zv1AZ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader