gcleaner | 5dc00bf5bc7d303d81f0c86ab18ee44da6d04cc92f110f612d9c70fdf9c6cf9c | Triage

Sharing

General

Target

5dc00bf5bc7d303d81f0c86ab18ee44da6d04cc92f110f612d9c70fdf9c6cf9c
Size

404KB
Sample

240901-q2am5asfmd
MD5

7e4cd5ac994792c76609720a1c3554d1
SHA1

cdcfe2977755b0e187961b8b7a0b5a7ccc8f6b37
SHA256

5dc00bf5bc7d303d81f0c86ab18ee44da6d04cc92f110f612d9c70fdf9c6cf9c
SHA512

176e0b9fbed1bfe31e4eec20185fbd15477b2e55a4c2c5db6984fe990a9f0141c7e6b6275793433c02d354c0f727012815436ea4e3657a2526f4b78d04229521
SSDEEP

6144:tqvDsAIl9gAFveULtnmgqyDaFvs5davjN1TJBg3qEVE3c:tqLsAQ9B3tmvyD6s58rN1F+653

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  5dc00bf5bc7d303d81f0c86ab18ee44da6d04cc92f110f612d9c70fdf9c6cf9c
- Size
  
  404KB
- MD5
  
  7e4cd5ac994792c76609720a1c3554d1
- SHA1
  
  cdcfe2977755b0e187961b8b7a0b5a7ccc8f6b37
- SHA256
  
  5dc00bf5bc7d303d81f0c86ab18ee44da6d04cc92f110f612d9c70fdf9c6cf9c
- SHA512
  
  176e0b9fbed1bfe31e4eec20185fbd15477b2e55a4c2c5db6984fe990a9f0141c7e6b6275793433c02d354c0f727012815436ea4e3657a2526f4b78d04229521
- SSDEEP
  
  6144:tqvDsAIl9gAFveULtnmgqyDaFvs5davjN1TJBg3qEVE3c:tqLsAQ9B3tmvyD6s58rN1F+653
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader