gcleaner | 44e24536e35b628e100cdf680c24818294bf3e4553458df64a02b75686977486 | Triage

Sharing

General

Target

44e24536e35b628e100cdf680c24818294bf3e4553458df64a02b75686977486
Size

424KB
Sample

240903-v568qasbnr
MD5

02bf16dd3c3a5363f086d7d2dad97adc
SHA1

0ae18f784f2cbb0f4f3055252d36286c7f39340d
SHA256

44e24536e35b628e100cdf680c24818294bf3e4553458df64a02b75686977486
SHA512

2ce991a2372d878791d1fd56968047cdf8081527738f1d741035478e1cc512540d309648cb747b798933be5a04c45e25b0598e7941871567c712a01016cd83de
SSDEEP

6144:1H/J5DPNWssI8n0wuHBsKvXGK2zxhG3Wl+vrtHSbUqYdAon:1fJ5DPNvR8n/zK/GKo/l+v5ygqWBn

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  44e24536e35b628e100cdf680c24818294bf3e4553458df64a02b75686977486
- Size
  
  424KB
- MD5
  
  02bf16dd3c3a5363f086d7d2dad97adc
- SHA1
  
  0ae18f784f2cbb0f4f3055252d36286c7f39340d
- SHA256
  
  44e24536e35b628e100cdf680c24818294bf3e4553458df64a02b75686977486
- SHA512
  
  2ce991a2372d878791d1fd56968047cdf8081527738f1d741035478e1cc512540d309648cb747b798933be5a04c45e25b0598e7941871567c712a01016cd83de
- SSDEEP
  
  6144:1H/J5DPNWssI8n0wuHBsKvXGK2zxhG3Wl+vrtHSbUqYdAon:1fJ5DPNvR8n/zK/GKo/l+v5ygqWBn
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader