gcleaner | 6fc84e495a4d76e5da5da4d30a461029c0a144e4d3a47727315f94be29ef2c98 | Triage

Sharing

General

Target

6fc84e495a4d76e5da5da4d30a461029c0a144e4d3a47727315f94be29ef2c98
Size

402KB
Sample

240831-xc563ayhmh
MD5

e34d3e95a52de40e5a38ed111876cddf
SHA1

91beb0a96cd84bdf1deb0c14e39521a54f0c0110
SHA256

6fc84e495a4d76e5da5da4d30a461029c0a144e4d3a47727315f94be29ef2c98
SHA512

358f409cd3b36ccce2e8600c400b8cbefa7ad5961e1b77913ac78440880a73b76fe0282752bf5831ee3de61f9d0993db430faff26b22c129fd7d54b82956b808
SSDEEP

6144:tdyq4ShFUO3qBgAA/LWeqpna/nfLqncpD4Pfb8NbvL:tkq9hFUO3qOAaEpOnfLqnc+PfgNbT

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  6fc84e495a4d76e5da5da4d30a461029c0a144e4d3a47727315f94be29ef2c98
- Size
  
  402KB
- MD5
  
  e34d3e95a52de40e5a38ed111876cddf
- SHA1
  
  91beb0a96cd84bdf1deb0c14e39521a54f0c0110
- SHA256
  
  6fc84e495a4d76e5da5da4d30a461029c0a144e4d3a47727315f94be29ef2c98
- SHA512
  
  358f409cd3b36ccce2e8600c400b8cbefa7ad5961e1b77913ac78440880a73b76fe0282752bf5831ee3de61f9d0993db430faff26b22c129fd7d54b82956b808
- SSDEEP
  
  6144:tdyq4ShFUO3qBgAA/LWeqpna/nfLqncpD4Pfb8NbvL:tkq9hFUO3qOAaEpOnfLqnc+PfgNbT
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader