gcleaner | da15ad1b5bfc49155d9a2a69e5ad10e006c589fc99e53b3d961fa29673398112 | Triage

Sharing

General

Target

da15ad1b5bfc49155d9a2a69e5ad10e006c589fc99e53b3d961fa29673398112
Size

414KB
Sample

240903-x7dejawcpc
MD5

3608071108d81d41f3db4b579e77ecb1
SHA1

ec65be0f566a21d5d7fde19764efb40963da19df
SHA256

da15ad1b5bfc49155d9a2a69e5ad10e006c589fc99e53b3d961fa29673398112
SHA512

809da173778dc254e3ee288db52f7eab1c39ad2b563c85665c895ea59abd51cd53bdecb6ac8eb6107c0ca90a7aef89a2012d7ad92fd5e8bb904feed0b0bf49db
SSDEEP

6144:XdqJ2HcuDKtjKgGXPKpPrcfadQQZRP/bC7VF/11XP:XkgHzD0mWTSadQQzbuVvJ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  da15ad1b5bfc49155d9a2a69e5ad10e006c589fc99e53b3d961fa29673398112
- Size
  
  414KB
- MD5
  
  3608071108d81d41f3db4b579e77ecb1
- SHA1
  
  ec65be0f566a21d5d7fde19764efb40963da19df
- SHA256
  
  da15ad1b5bfc49155d9a2a69e5ad10e006c589fc99e53b3d961fa29673398112
- SHA512
  
  809da173778dc254e3ee288db52f7eab1c39ad2b563c85665c895ea59abd51cd53bdecb6ac8eb6107c0ca90a7aef89a2012d7ad92fd5e8bb904feed0b0bf49db
- SSDEEP
  
  6144:XdqJ2HcuDKtjKgGXPKpPrcfadQQZRP/bC7VF/11XP:XkgHzD0mWTSadQQzbuVvJ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader