gcleaner | d45a5a500fe7c053a809df957fe4bfce5a54ba99693c57bb7216accc32ebce1e | Triage

Sharing

General

Target

d45a5a500fe7c053a809df957fe4bfce5a54ba99693c57bb7216accc32ebce1e
Size

304KB
Sample

240902-kzn5vaxfpc
MD5

aa59bc3579dd85b7abb99e48198f6f81
SHA1

e8753b8119895dfad22cf394e678c393298cc30a
SHA256

d45a5a500fe7c053a809df957fe4bfce5a54ba99693c57bb7216accc32ebce1e
SHA512

9c13da889688a32374fa4260e5bf41c1238e3fdfefc2a2b20b1a94d133d49510f43cd96dfc1f51a0cb767e0ae303d2e914435eb84e84e886999ac87976c4f6db
SSDEEP

6144:FBgQgpT8TUd+nDTfieubh2G/ExmUe2WdtpLgq:HgQgXd+Sth7ymCW

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  d45a5a500fe7c053a809df957fe4bfce5a54ba99693c57bb7216accc32ebce1e
- Size
  
  304KB
- MD5
  
  aa59bc3579dd85b7abb99e48198f6f81
- SHA1
  
  e8753b8119895dfad22cf394e678c393298cc30a
- SHA256
  
  d45a5a500fe7c053a809df957fe4bfce5a54ba99693c57bb7216accc32ebce1e
- SHA512
  
  9c13da889688a32374fa4260e5bf41c1238e3fdfefc2a2b20b1a94d133d49510f43cd96dfc1f51a0cb767e0ae303d2e914435eb84e84e886999ac87976c4f6db
- SSDEEP
  
  6144:FBgQgpT8TUd+nDTfieubh2G/ExmUe2WdtpLgq:HgQgXd+Sth7ymCW
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader