gcleaner | 98cd29a384050b687765a956f3a3577f8f2037df5b6b67b3f7bfee65a8ba8d4d | Triage

Sharing

General

Target

98cd29a384050b687765a956f3a3577f8f2037df5b6b67b3f7bfee65a8ba8d4d
Size

299KB
Sample

240829-2k977svdqb
MD5

e136c6fd78f844d7b29d64447ff29294
SHA1

ca6fd5a7eea3812da685a40d35cb96f26f57b661
SHA256

98cd29a384050b687765a956f3a3577f8f2037df5b6b67b3f7bfee65a8ba8d4d
SHA512

bc9e3e45d7e30e7310a89178ee7e0d6c02eba61013f992244b5cca739e04957a3009fba18cef7819bb8651d7afab5a8ccd49ce4cfa13baa25105487c997873a5
SSDEEP

3072:+0Uu4DcGCc9Lu+LF6bgt6bQSGsFEJMWZdvDZS0uer0MgE7GI2JsHI4aZp:+0Uu4DPrSOFSTFEm4TS0X0mYso4a

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  98cd29a384050b687765a956f3a3577f8f2037df5b6b67b3f7bfee65a8ba8d4d
- Size
  
  299KB
- MD5
  
  e136c6fd78f844d7b29d64447ff29294
- SHA1
  
  ca6fd5a7eea3812da685a40d35cb96f26f57b661
- SHA256
  
  98cd29a384050b687765a956f3a3577f8f2037df5b6b67b3f7bfee65a8ba8d4d
- SHA512
  
  bc9e3e45d7e30e7310a89178ee7e0d6c02eba61013f992244b5cca739e04957a3009fba18cef7819bb8651d7afab5a8ccd49ce4cfa13baa25105487c997873a5
- SSDEEP
  
  3072:+0Uu4DcGCc9Lu+LF6bgt6bQSGsFEJMWZdvDZS0uer0MgE7GI2JsHI4aZp:+0Uu4DPrSOFSTFEm4TS0X0mYso4a
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader