gcleaner | f36829ff6541eb7136e7461f0c7f7d6eb50cc4d9cb97fad3e6a66062c29a6b40 | Triage

Sharing

General

Target

f36829ff6541eb7136e7461f0c7f7d6eb50cc4d9cb97fad3e6a66062c29a6b40
Size

415KB
Sample

240903-jx239a1gkp
MD5

ce011ff48e6712de208f9a7334a1d253
SHA1

13057335afef2c674fe599546265bf1a28b699cd
SHA256

f36829ff6541eb7136e7461f0c7f7d6eb50cc4d9cb97fad3e6a66062c29a6b40
SHA512

1e3fe8de3b95fe409e46898e97026f5025aea23be2c16947aa5d9ced9fdb0ff951eb0b450e856304539f8bf522086157f722f465142b19db15f0305b3b19c763
SSDEEP

6144:81Dojbopa02YfMysDTi2Bi1NLyM7AlbGF2hiIZpDVOZ:8hqboaGWTiDT7AFGch/M

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  f36829ff6541eb7136e7461f0c7f7d6eb50cc4d9cb97fad3e6a66062c29a6b40
- Size
  
  415KB
- MD5
  
  ce011ff48e6712de208f9a7334a1d253
- SHA1
  
  13057335afef2c674fe599546265bf1a28b699cd
- SHA256
  
  f36829ff6541eb7136e7461f0c7f7d6eb50cc4d9cb97fad3e6a66062c29a6b40
- SHA512
  
  1e3fe8de3b95fe409e46898e97026f5025aea23be2c16947aa5d9ced9fdb0ff951eb0b450e856304539f8bf522086157f722f465142b19db15f0305b3b19c763
- SSDEEP
  
  6144:81Dojbopa02YfMysDTi2Bi1NLyM7AlbGF2hiIZpDVOZ:8hqboaGWTiDT7AFGch/M
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader