gcleaner | e5fd67a9b4d65ce3c03b1728f0783a15ff8a85b1c8d5c7e1abf5ff5d83e1bb5d | Triage

Sharing

General

Target

e5fd67a9b4d65ce3c03b1728f0783a15ff8a85b1c8d5c7e1abf5ff5d83e1bb5d
Size

305KB
Sample

240902-mxawjsycmn
MD5

35ff4a3cacca7f69a41ac5989b4b9484
SHA1

954f19c5346c4fd5377621c437bef4c92e67cdb6
SHA256

e5fd67a9b4d65ce3c03b1728f0783a15ff8a85b1c8d5c7e1abf5ff5d83e1bb5d
SHA512

0c876ab558a51080cafdbd84df1ee637d8b0dc0efe0a82552a1a9cceb6f77636c4fe914c520cdc492545d49a8a4e485864795bf4f549c5256b6fae0b2ecf1612
SSDEEP

6144:XBgQgpT8TUdFTD6eceQ395NKLlujnPoEOUVuztfbgqum:RgQgXdFT5NQ6qngEOUWt

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  e5fd67a9b4d65ce3c03b1728f0783a15ff8a85b1c8d5c7e1abf5ff5d83e1bb5d
- Size
  
  305KB
- MD5
  
  35ff4a3cacca7f69a41ac5989b4b9484
- SHA1
  
  954f19c5346c4fd5377621c437bef4c92e67cdb6
- SHA256
  
  e5fd67a9b4d65ce3c03b1728f0783a15ff8a85b1c8d5c7e1abf5ff5d83e1bb5d
- SHA512
  
  0c876ab558a51080cafdbd84df1ee637d8b0dc0efe0a82552a1a9cceb6f77636c4fe914c520cdc492545d49a8a4e485864795bf4f549c5256b6fae0b2ecf1612
- SSDEEP
  
  6144:XBgQgpT8TUdFTD6eceQ395NKLlujnPoEOUVuztfbgqum:RgQgXdFT5NQ6qngEOUWt
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader