gcleaner | dc4fa85e31628b0d198397cf9c3b0c4d81a4a0a228d99ccfc00f2014c519f9b5 | Triage

Sharing

General

Target

dc4fa85e31628b0d198397cf9c3b0c4d81a4a0a228d99ccfc00f2014c519f9b5
Size

399KB
Sample

240905-k2ygasxhkc
MD5

3b48a1c694ac54a13dddd809ccc0c3f5
SHA1

55d7ea8f37ac8206f70fd8e2cc47395633abe495
SHA256

dc4fa85e31628b0d198397cf9c3b0c4d81a4a0a228d99ccfc00f2014c519f9b5
SHA512

d63406e20ae77bdad9c9b06d426db00386c7bc1e1af3b28fd12066e22090cafde130dc7fc78e17ada0ec2945ca224614710ce5af64bf9429684f7cbafb5afdc9
SSDEEP

12288:r5S6HYfKTG0981SYJZ3vjWOOGBaGhFCZ:rgtfYxMtJlvjWOOeI

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  dc4fa85e31628b0d198397cf9c3b0c4d81a4a0a228d99ccfc00f2014c519f9b5
- Size
  
  399KB
- MD5
  
  3b48a1c694ac54a13dddd809ccc0c3f5
- SHA1
  
  55d7ea8f37ac8206f70fd8e2cc47395633abe495
- SHA256
  
  dc4fa85e31628b0d198397cf9c3b0c4d81a4a0a228d99ccfc00f2014c519f9b5
- SHA512
  
  d63406e20ae77bdad9c9b06d426db00386c7bc1e1af3b28fd12066e22090cafde130dc7fc78e17ada0ec2945ca224614710ce5af64bf9429684f7cbafb5afdc9
- SSDEEP
  
  12288:r5S6HYfKTG0981SYJZ3vjWOOGBaGhFCZ:rgtfYxMtJlvjWOOeI
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader