gcleaner | 5b80a16b10ae88aa9f46e032f1d68aa7ddd8cd45a3b787e7002c7797b063c9eb | Triage

Sharing

General

Target

5b80a16b10ae88aa9f46e032f1d68aa7ddd8cd45a3b787e7002c7797b063c9eb
Size

300KB
Sample

240904-tj4p2atbpp
MD5

5a4769753ffcbd37617b180faa65a7a5
SHA1

158eef397b0262e1ff600b4ea58e889d928b8750
SHA256

5b80a16b10ae88aa9f46e032f1d68aa7ddd8cd45a3b787e7002c7797b063c9eb
SHA512

2610097db3e9b53c0179e30fd86d2d1dda17616157ec3f8a4fe6159be160cd276872834583c7ffd5fe23a33db8feaff0f1d51021e2970266a68d52c84e35ad7b
SSDEEP

6144:lfHn+TbryKfN/dRwYqu1EgcCey0wLk6arrYcTVp:5Hn+TPyK5quugveLEQrrYoV

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  5b80a16b10ae88aa9f46e032f1d68aa7ddd8cd45a3b787e7002c7797b063c9eb
- Size
  
  300KB
- MD5
  
  5a4769753ffcbd37617b180faa65a7a5
- SHA1
  
  158eef397b0262e1ff600b4ea58e889d928b8750
- SHA256
  
  5b80a16b10ae88aa9f46e032f1d68aa7ddd8cd45a3b787e7002c7797b063c9eb
- SHA512
  
  2610097db3e9b53c0179e30fd86d2d1dda17616157ec3f8a4fe6159be160cd276872834583c7ffd5fe23a33db8feaff0f1d51021e2970266a68d52c84e35ad7b
- SSDEEP
  
  6144:lfHn+TbryKfN/dRwYqu1EgcCey0wLk6arrYcTVp:5Hn+TPyK5quugveLEQrrYoV
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader