gcleaner | da366ad4ebb86d6d6fd1f8d8f8a33135fedb9f8a5c7c682dc49944898a257a6c | Triage

Sharing

General

Target

da366ad4ebb86d6d6fd1f8d8f8a33135fedb9f8a5c7c682dc49944898a257a6c
Size

404KB
Sample

240831-d8tncstfjf
MD5

cc6b60055d87dc4e3fc9f8d245e98a42
SHA1

78e9e0f9a0b6fe8fd65a785be0a39f649735ca9c
SHA256

da366ad4ebb86d6d6fd1f8d8f8a33135fedb9f8a5c7c682dc49944898a257a6c
SHA512

9b22835b307ef9da506d3e1325c1c136fa584fdb039493d11be5ddb5fb309b8a1deb54dc8d69d84fa9c7c4cdc64a3cd94091e724d5f13995d6b4d3656b815cc7
SSDEEP

6144:dgtiBsEjsEdoRYfF7CccDt6/PAtH0sCOs/v6lFHxiWuEhIKXx:dWiBdHgY97CJ6/QUsg/iFRJ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  da366ad4ebb86d6d6fd1f8d8f8a33135fedb9f8a5c7c682dc49944898a257a6c
- Size
  
  404KB
- MD5
  
  cc6b60055d87dc4e3fc9f8d245e98a42
- SHA1
  
  78e9e0f9a0b6fe8fd65a785be0a39f649735ca9c
- SHA256
  
  da366ad4ebb86d6d6fd1f8d8f8a33135fedb9f8a5c7c682dc49944898a257a6c
- SHA512
  
  9b22835b307ef9da506d3e1325c1c136fa584fdb039493d11be5ddb5fb309b8a1deb54dc8d69d84fa9c7c4cdc64a3cd94091e724d5f13995d6b4d3656b815cc7
- SSDEEP
  
  6144:dgtiBsEjsEdoRYfF7CccDt6/PAtH0sCOs/v6lFHxiWuEhIKXx:dWiBdHgY97CJ6/QUsg/iFRJ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader