gcleaner | 9bf7c1a6f1ad7d8f4cf95d56162a3865c22e8ebc229c3dbc97a237047c044108 | Triage

Sharing

General

Target

9bf7c1a6f1ad7d8f4cf95d56162a3865c22e8ebc229c3dbc97a237047c044108
Size

415KB
Sample

240905-2pebbstakf
MD5

df081bd571392ca5ded1ca50a1d11f57
SHA1

6ad0e67c3a12f1c14d6b38ac0c9f6671e1178448
SHA256

9bf7c1a6f1ad7d8f4cf95d56162a3865c22e8ebc229c3dbc97a237047c044108
SHA512

039f23ba68442d4b24cbf278ad66a16a9545b345be2729d45cfe5f95da652a122141f4d1b3471b6a91c43b8bbb6cb906b1f6e646d0ae597945396d88c36811ce
SSDEEP

3072:4mXEm/RgfbYPVlJhzsE+ELgRZXT9alY2IKoSUBRUO8w4H+BMCaErm3qCVvDiD2:XE2OfbYPzsZELwjn6ULUI4e2C1aqGDC

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  9bf7c1a6f1ad7d8f4cf95d56162a3865c22e8ebc229c3dbc97a237047c044108
- Size
  
  415KB
- MD5
  
  df081bd571392ca5ded1ca50a1d11f57
- SHA1
  
  6ad0e67c3a12f1c14d6b38ac0c9f6671e1178448
- SHA256
  
  9bf7c1a6f1ad7d8f4cf95d56162a3865c22e8ebc229c3dbc97a237047c044108
- SHA512
  
  039f23ba68442d4b24cbf278ad66a16a9545b345be2729d45cfe5f95da652a122141f4d1b3471b6a91c43b8bbb6cb906b1f6e646d0ae597945396d88c36811ce
- SSDEEP
  
  3072:4mXEm/RgfbYPVlJhzsE+ELgRZXT9alY2IKoSUBRUO8w4H+BMCaErm3qCVvDiD2:XE2OfbYPzsZELwjn6ULUI4e2C1aqGDC
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader