gcleaner | 171759e77168aaf166f16538379616db5f0fe7bee7fdf887b045ed7f6028f09f | Triage

Sharing

General

Target

171759e77168aaf166f16538379616db5f0fe7bee7fdf887b045ed7f6028f09f
Size

404KB
Sample

240901-d87j8a1cmf
MD5

87014027f4915599f2bdac58a47ab869
SHA1

23ce03b717901d01a98df9c8df4f1057753c8d87
SHA256

171759e77168aaf166f16538379616db5f0fe7bee7fdf887b045ed7f6028f09f
SHA512

7763799175502c97a87c7c8a3e3ca706b3d8ea52ec283e0048581ce7a432e67cd91f25390bb52c35b6408010e03b6a33ca6a77daf20668b569b0854b776834f1
SSDEEP

3072:q1otAXhjgBRBPW9IRpC7ObFbBhUV7WMKYJqVK9me9gSag1LXfVC50QCuBWstvi0h:LKRjYfPzFwVFme9taILXfk50ruxv/a

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  171759e77168aaf166f16538379616db5f0fe7bee7fdf887b045ed7f6028f09f
- Size
  
  404KB
- MD5
  
  87014027f4915599f2bdac58a47ab869
- SHA1
  
  23ce03b717901d01a98df9c8df4f1057753c8d87
- SHA256
  
  171759e77168aaf166f16538379616db5f0fe7bee7fdf887b045ed7f6028f09f
- SHA512
  
  7763799175502c97a87c7c8a3e3ca706b3d8ea52ec283e0048581ce7a432e67cd91f25390bb52c35b6408010e03b6a33ca6a77daf20668b569b0854b776834f1
- SSDEEP
  
  3072:q1otAXhjgBRBPW9IRpC7ObFbBhUV7WMKYJqVK9me9gSag1LXfVC50QCuBWstvi0h:LKRjYfPzFwVFme9taILXfk50ruxv/a
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader