gcleaner | 8065d03f70f7c6e2109e42b6b9f356e20a23d4e1090e8e6c00fb3de8f3a0d91a | Triage

Sharing

General

Target

8065d03f70f7c6e2109e42b6b9f356e20a23d4e1090e8e6c00fb3de8f3a0d91a
Size

290KB
Sample

240829-jbvr2ssarj
MD5

5115daf5905ecda1c037ca29c2145939
SHA1

a86a8ccce3e184ef5efc6073901ce7bbe9aef92e
SHA256

8065d03f70f7c6e2109e42b6b9f356e20a23d4e1090e8e6c00fb3de8f3a0d91a
SHA512

bddfab3b795de665f54b826319fbcd0b241fd06c61f669cb03042439a3faeb94fe7b44fd7468810b83731b95267684cc5d2ab11b1168fa7d1a97d1e706d1f687
SSDEEP

6144:3NhsCXt9gLmr3FjR3hchq0+9M7MhJD2W:3NhswDgslho7+ScB

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  8065d03f70f7c6e2109e42b6b9f356e20a23d4e1090e8e6c00fb3de8f3a0d91a
- Size
  
  290KB
- MD5
  
  5115daf5905ecda1c037ca29c2145939
- SHA1
  
  a86a8ccce3e184ef5efc6073901ce7bbe9aef92e
- SHA256
  
  8065d03f70f7c6e2109e42b6b9f356e20a23d4e1090e8e6c00fb3de8f3a0d91a
- SHA512
  
  bddfab3b795de665f54b826319fbcd0b241fd06c61f669cb03042439a3faeb94fe7b44fd7468810b83731b95267684cc5d2ab11b1168fa7d1a97d1e706d1f687
- SSDEEP
  
  6144:3NhsCXt9gLmr3FjR3hchq0+9M7MhJD2W:3NhswDgslho7+ScB
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader