gcleaner | 2f163695c836b76ef1d008d63f28dfbaa0fdaf2ba3772ed09ae1d82f872fdc84 | Triage

Sharing

General

Target

2f163695c836b76ef1d008d63f28dfbaa0fdaf2ba3772ed09ae1d82f872fdc84
Size

278KB
Sample

240904-jqy31swfpj
MD5

9b5828c209e935d021e48fad0b860b99
SHA1

bd470d7ebda67f137cc6d2d9b3bc7c58b521162f
SHA256

2f163695c836b76ef1d008d63f28dfbaa0fdaf2ba3772ed09ae1d82f872fdc84
SHA512

96f81d2fc50ef4834c1b74a375f4e13d10499d0d2fd680fd31d5ca01d7f6292511130848d1f67d4d711e4779914031a4d449523f0bee15eb07956ff461c049fd
SSDEEP

6144:EBoUgpj8IR833ylSFU1Ut4nnc2dbQYHfNO1R:+oUgp833ylN1fc2dkYM

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  2f163695c836b76ef1d008d63f28dfbaa0fdaf2ba3772ed09ae1d82f872fdc84
- Size
  
  278KB
- MD5
  
  9b5828c209e935d021e48fad0b860b99
- SHA1
  
  bd470d7ebda67f137cc6d2d9b3bc7c58b521162f
- SHA256
  
  2f163695c836b76ef1d008d63f28dfbaa0fdaf2ba3772ed09ae1d82f872fdc84
- SHA512
  
  96f81d2fc50ef4834c1b74a375f4e13d10499d0d2fd680fd31d5ca01d7f6292511130848d1f67d4d711e4779914031a4d449523f0bee15eb07956ff461c049fd
- SSDEEP
  
  6144:EBoUgpj8IR833ylSFU1Ut4nnc2dbQYHfNO1R:+oUgp833ylN1fc2dkYM
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader