gcleaner | eb6127c9b3934bc49662273652adab4697b60e6e04a125eea688e23272dba7ef | Triage

Sharing

General

Target

eb6127c9b3934bc49662273652adab4697b60e6e04a125eea688e23272dba7ef
Size

258KB
Sample

240829-qsewgstfqg
MD5

1df9c36e7453aca251f205841bd5430e
SHA1

e387faeaa2dcee434ef8f362e949e250e128b3bb
SHA256

eb6127c9b3934bc49662273652adab4697b60e6e04a125eea688e23272dba7ef
SHA512

97689029ac51fd085d28087b1fa666bf3309846a1f6e4dbdc73d17729aaf125fa2ce522d15db55db836179f962f4f7150257b337a01c6d2229ff5fdc30ffa9c2
SSDEEP

6144:EEUdB5XqR4He2O2U+kTRhUEBBnlu7MhaDpW:EEUdHXquHVOOOTEcM

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  eb6127c9b3934bc49662273652adab4697b60e6e04a125eea688e23272dba7ef
- Size
  
  258KB
- MD5
  
  1df9c36e7453aca251f205841bd5430e
- SHA1
  
  e387faeaa2dcee434ef8f362e949e250e128b3bb
- SHA256
  
  eb6127c9b3934bc49662273652adab4697b60e6e04a125eea688e23272dba7ef
- SHA512
  
  97689029ac51fd085d28087b1fa666bf3309846a1f6e4dbdc73d17729aaf125fa2ce522d15db55db836179f962f4f7150257b337a01c6d2229ff5fdc30ffa9c2
- SSDEEP
  
  6144:EEUdB5XqR4He2O2U+kTRhUEBBnlu7MhaDpW:EEUdHXquHVOOOTEcM
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader