gcleaner | 58a8715a6652319788b334021b474a93c1595b3ea8ad411b881c5e84402bc151 | Triage

Sharing

General

Target

58a8715a6652319788b334021b474a93c1595b3ea8ad411b881c5e84402bc151
Size

270KB
Sample

240904-q7nryasfnb
MD5

22df7a8bc6564532859324f9f73f07b9
SHA1

9ac8b53488e972283c4b40ba7173e09f5dddd23e
SHA256

58a8715a6652319788b334021b474a93c1595b3ea8ad411b881c5e84402bc151
SHA512

b96128c356e42aeba253da27d644a6222a776bc25e7a02d5d7cf0648c22b8dbdb171c375f2d7c22e2d8f43cc9cc353f3807b725a36a3dd9df7fe9173be635767
SSDEEP

6144:DAxafH3gMKR1/ojCWEROv+DyBHXvXT7a04pI:DPH3gMu1AjC30vj7aJp

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  58a8715a6652319788b334021b474a93c1595b3ea8ad411b881c5e84402bc151
- Size
  
  270KB
- MD5
  
  22df7a8bc6564532859324f9f73f07b9
- SHA1
  
  9ac8b53488e972283c4b40ba7173e09f5dddd23e
- SHA256
  
  58a8715a6652319788b334021b474a93c1595b3ea8ad411b881c5e84402bc151
- SHA512
  
  b96128c356e42aeba253da27d644a6222a776bc25e7a02d5d7cf0648c22b8dbdb171c375f2d7c22e2d8f43cc9cc353f3807b725a36a3dd9df7fe9173be635767
- SSDEEP
  
  6144:DAxafH3gMKR1/ojCWEROv+DyBHXvXT7a04pI:DPH3gMu1AjC30vj7aJp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader