gcleaner | 126c47a436b70e43e6515330dc1b44f974570d6738f3ed63481df6d6d1fc79a6 | Triage

Sharing

General

Target

126c47a436b70e43e6515330dc1b44f974570d6738f3ed63481df6d6d1fc79a6
Size

404KB
Sample

240901-rwb5fateph
MD5

bb2669090265bbfe8f00eca665913e06
SHA1

b77ff15f3c6690cd0afcf66f188a5b2e491a5606
SHA256

126c47a436b70e43e6515330dc1b44f974570d6738f3ed63481df6d6d1fc79a6
SHA512

f598eef8ef44f70f28e020a5d5c965ee4ddf8cf548d483a8b5dbea28227f153b9bca504cd20bf855e6b61f81219a7fd9d0ae87675e0687c47d5eebd3dbf6a523
SSDEEP

6144:y3KjsVdUbbzx1a3npEEGcgWTAu7YLWvfy4oq:y30sVGPzxcX3lT37YLUy5

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  126c47a436b70e43e6515330dc1b44f974570d6738f3ed63481df6d6d1fc79a6
- Size
  
  404KB
- MD5
  
  bb2669090265bbfe8f00eca665913e06
- SHA1
  
  b77ff15f3c6690cd0afcf66f188a5b2e491a5606
- SHA256
  
  126c47a436b70e43e6515330dc1b44f974570d6738f3ed63481df6d6d1fc79a6
- SHA512
  
  f598eef8ef44f70f28e020a5d5c965ee4ddf8cf548d483a8b5dbea28227f153b9bca504cd20bf855e6b61f81219a7fd9d0ae87675e0687c47d5eebd3dbf6a523
- SSDEEP
  
  6144:y3KjsVdUbbzx1a3npEEGcgWTAu7YLWvfy4oq:y30sVGPzxcX3lT37YLUy5
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader