gcleaner | 4e75f8712ee2f529c1e4d034662a86ad352a76e851996f5cf67e58abd949cc50 | Triage

Sharing

General

Target

4e75f8712ee2f529c1e4d034662a86ad352a76e851996f5cf67e58abd949cc50
Size

403KB
Sample

240831-tke33asgpp
MD5

2bec28292653e2f9bec82bf0ecb18f23
SHA1

44a3cde4749d52fdee48879d88594446ae08f693
SHA256

4e75f8712ee2f529c1e4d034662a86ad352a76e851996f5cf67e58abd949cc50
SHA512

10b91a142408b9dafe1b897e896f3ef1cb58b6c90b41e8fbdf7e93884045afbebd42d230966a67cb55522ac203e5c07a0b2486aec4d7ce09a66b0b70dd8b8e08
SSDEEP

3072:zMLoO5tBeuUJsIHRil98r43BJ87CM2h/OQIhn4kJmotUU6W/c1rpQKwFnmAdvvjG:wjLBmLHRil988Botr5Jztf610rvjwq

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  4e75f8712ee2f529c1e4d034662a86ad352a76e851996f5cf67e58abd949cc50
- Size
  
  403KB
- MD5
  
  2bec28292653e2f9bec82bf0ecb18f23
- SHA1
  
  44a3cde4749d52fdee48879d88594446ae08f693
- SHA256
  
  4e75f8712ee2f529c1e4d034662a86ad352a76e851996f5cf67e58abd949cc50
- SHA512
  
  10b91a142408b9dafe1b897e896f3ef1cb58b6c90b41e8fbdf7e93884045afbebd42d230966a67cb55522ac203e5c07a0b2486aec4d7ce09a66b0b70dd8b8e08
- SSDEEP
  
  3072:zMLoO5tBeuUJsIHRil98r43BJ87CM2h/OQIhn4kJmotUU6W/c1rpQKwFnmAdvvjG:wjLBmLHRil988Botr5Jztf610rvjwq
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader