gcleaner | e6361c1ef0bf8bcf2214c38398271d7f712ec8bd695f537d5f8778ef792f95cb | Triage

Sharing

General

Target

e6361c1ef0bf8bcf2214c38398271d7f712ec8bd695f537d5f8778ef792f95cb
Size

270KB
Sample

240904-1xc8kaxcll
MD5

9230ef97a9a569e3a52b3701db960bec
SHA1

5281258f8a82ebe0399f03b9b099e28335523508
SHA256

e6361c1ef0bf8bcf2214c38398271d7f712ec8bd695f537d5f8778ef792f95cb
SHA512

2a5da291f77c279823b6da9c13989d485fe3a2e4ad48ee98811d1393c8c8283e3d47aa1b425f98bed1926253187b2f3542c004bec884da4d37b0f27958b24530
SSDEEP

3072:wILRxWrfH3gMKR1MnwqaeGgkTinTDKblVj5EzLXaZbIcZXlf4lpbQ:wAxafH3gMKR1x3edkTiTDKbl8Xq5ZY

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  e6361c1ef0bf8bcf2214c38398271d7f712ec8bd695f537d5f8778ef792f95cb
- Size
  
  270KB
- MD5
  
  9230ef97a9a569e3a52b3701db960bec
- SHA1
  
  5281258f8a82ebe0399f03b9b099e28335523508
- SHA256
  
  e6361c1ef0bf8bcf2214c38398271d7f712ec8bd695f537d5f8778ef792f95cb
- SHA512
  
  2a5da291f77c279823b6da9c13989d485fe3a2e4ad48ee98811d1393c8c8283e3d47aa1b425f98bed1926253187b2f3542c004bec884da4d37b0f27958b24530
- SSDEEP
  
  3072:wILRxWrfH3gMKR1MnwqaeGgkTinTDKblVj5EzLXaZbIcZXlf4lpbQ:wAxafH3gMKR1x3edkTiTDKbl8Xq5ZY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader