gcleaner | 627494ac78e4686b3a52d7d4c9ab48be74f1470371daf7a5d58efa9ed6bfce05 | Triage

Sharing

General

Target

627494ac78e4686b3a52d7d4c9ab48be74f1470371daf7a5d58efa9ed6bfce05
Size

357KB
Sample

240824-nwfabaybne
MD5

a82830a0ce578c9cd998c3f43728c62c
SHA1

e39933e6ad4c2a2da9f2d233cf73c5b0c459e105
SHA256

627494ac78e4686b3a52d7d4c9ab48be74f1470371daf7a5d58efa9ed6bfce05
SHA512

6c84215dff5fb490b01ae1c145859b70c85ccf847aae9e64c5fe5d531aa5a639db29521609940f17779d114c88a27a2f2bf0015355189f71feb4a7a7b398c9be
SSDEEP

6144:EUUpKKIWNWYS6xoqOFEN2dI3NnpjZCY4cRnrD5ne:E3pKKITXJFwQI3R2Y4ERe

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  627494ac78e4686b3a52d7d4c9ab48be74f1470371daf7a5d58efa9ed6bfce05
- Size
  
  357KB
- MD5
  
  a82830a0ce578c9cd998c3f43728c62c
- SHA1
  
  e39933e6ad4c2a2da9f2d233cf73c5b0c459e105
- SHA256
  
  627494ac78e4686b3a52d7d4c9ab48be74f1470371daf7a5d58efa9ed6bfce05
- SHA512
  
  6c84215dff5fb490b01ae1c145859b70c85ccf847aae9e64c5fe5d531aa5a639db29521609940f17779d114c88a27a2f2bf0015355189f71feb4a7a7b398c9be
- SSDEEP
  
  6144:EUUpKKIWNWYS6xoqOFEN2dI3NnpjZCY4cRnrD5ne:E3pKKITXJFwQI3R2Y4ERe
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader