gcleaner | 8e1ce8ce3f77830b51e6515e2b084bb8d5b031f62a002e1526880592c34778f0 | Triage

Sharing

General

Target

8e1ce8ce3f77830b51e6515e2b084bb8d5b031f62a002e1526880592c34778f0
Size

405KB
Sample

240830-ymn6zascpa
MD5

010ca9af2d9e0822c2a294d0d8f7fe01
SHA1

f325038bf0b1671d4034f6990e9c85afa2f186d9
SHA256

8e1ce8ce3f77830b51e6515e2b084bb8d5b031f62a002e1526880592c34778f0
SHA512

f76f862ed43b6eec954c0649048edee89f56f79e7d7a96827c9556f7626538ed78366b7d4ea87e53ceb926d111e937580b38db66addeaddb1f880756b17b3c91
SSDEEP

3072:uiFHYQ+xht6Gm6K9/wjI2Cg4f7bPO/fo66pswcd980EW+8UO4RAKmXb:9HYQwhjOT7bO/f36e9xEWJUj

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  8e1ce8ce3f77830b51e6515e2b084bb8d5b031f62a002e1526880592c34778f0
- Size
  
  405KB
- MD5
  
  010ca9af2d9e0822c2a294d0d8f7fe01
- SHA1
  
  f325038bf0b1671d4034f6990e9c85afa2f186d9
- SHA256
  
  8e1ce8ce3f77830b51e6515e2b084bb8d5b031f62a002e1526880592c34778f0
- SHA512
  
  f76f862ed43b6eec954c0649048edee89f56f79e7d7a96827c9556f7626538ed78366b7d4ea87e53ceb926d111e937580b38db66addeaddb1f880756b17b3c91
- SSDEEP
  
  3072:uiFHYQ+xht6Gm6K9/wjI2Cg4f7bPO/fo66pswcd980EW+8UO4RAKmXb:9HYQwhjOT7bO/f36e9xEWJUj
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader