gcleaner | d9ecc985dc6851bfa63b25841d0879abf248d50bd1e95efb45e6d1707813e3cf | Triage

Sharing

General

Target

d9ecc985dc6851bfa63b25841d0879abf248d50bd1e95efb45e6d1707813e3cf
Size

400KB
Sample

240905-kpqkxswgmk
MD5

13d02c69763dece02f453669edafdead
SHA1

479ac56d7939632af05c01cd505662ef8bfef347
SHA256

d9ecc985dc6851bfa63b25841d0879abf248d50bd1e95efb45e6d1707813e3cf
SHA512

a978cf62687e918054a2008b74de5e5b21bfcaf97e3bfa643e0f9537b623ea6d63ec5b19e424d5aaae9af4db3ece1e5f5fc3019b0f4de450bb0611d779ce538b
SSDEEP

6144:ENqEEnHWfm10wV83SIjDHNnS0APzeessesXCgjqmA:EbEnHWfm10wG3SII0APzZNs

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  d9ecc985dc6851bfa63b25841d0879abf248d50bd1e95efb45e6d1707813e3cf
- Size
  
  400KB
- MD5
  
  13d02c69763dece02f453669edafdead
- SHA1
  
  479ac56d7939632af05c01cd505662ef8bfef347
- SHA256
  
  d9ecc985dc6851bfa63b25841d0879abf248d50bd1e95efb45e6d1707813e3cf
- SHA512
  
  a978cf62687e918054a2008b74de5e5b21bfcaf97e3bfa643e0f9537b623ea6d63ec5b19e424d5aaae9af4db3ece1e5f5fc3019b0f4de450bb0611d779ce538b
- SSDEEP
  
  6144:ENqEEnHWfm10wV83SIjDHNnS0APzeessesXCgjqmA:EbEnHWfm10wG3SII0APzZNs
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader