gcleaner | 8205099f4ade018aedaacd35fe8af71236f4d1d6793da63235a6c04530ecd3e9 | Triage

Sharing

General

Target

8205099f4ade018aedaacd35fe8af71236f4d1d6793da63235a6c04530ecd3e9
Size

423KB
Sample

240903-xnehgstfpq
MD5

de7d567f87c17bc71ade2f90b04f914d
SHA1

4edc12643053aa5e0d579d73656a585a17bc5b12
SHA256

8205099f4ade018aedaacd35fe8af71236f4d1d6793da63235a6c04530ecd3e9
SHA512

5912302cc251d891b5799391b3eabf05c7c5f0c1eaffcff80d93883eb505382d15258df24d69895744943be2307f0342952b7d3066bca8432ed6889574b1db05
SSDEEP

6144:JFIR7fDS8WsU2QtQNjIfTRpHY5z69I/Rtx7JA/XJT:za7fDS8vUZQ2fTL4U2RtG

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  8205099f4ade018aedaacd35fe8af71236f4d1d6793da63235a6c04530ecd3e9
- Size
  
  423KB
- MD5
  
  de7d567f87c17bc71ade2f90b04f914d
- SHA1
  
  4edc12643053aa5e0d579d73656a585a17bc5b12
- SHA256
  
  8205099f4ade018aedaacd35fe8af71236f4d1d6793da63235a6c04530ecd3e9
- SHA512
  
  5912302cc251d891b5799391b3eabf05c7c5f0c1eaffcff80d93883eb505382d15258df24d69895744943be2307f0342952b7d3066bca8432ed6889574b1db05
- SSDEEP
  
  6144:JFIR7fDS8WsU2QtQNjIfTRpHY5z69I/Rtx7JA/XJT:za7fDS8vUZQ2fTL4U2RtG
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader