gcleaner | d4ad9ccbec1ac90a6030ee7aed785a7275b6369a49ac825d144452e8d751be01 | Triage

Sharing

General

Target

d4ad9ccbec1ac90a6030ee7aed785a7275b6369a49ac825d144452e8d751be01
Size

299KB
Sample

240906-mqvmda1gpl
MD5

a75147ade71980a4b3c7e21dec154841
SHA1

7ad3f946efc26afdfbd76035570c8addb4c1aff4
SHA256

d4ad9ccbec1ac90a6030ee7aed785a7275b6369a49ac825d144452e8d751be01
SHA512

603ac8ef234f23a1ce6ab5b62cc100ecb0a9c0519050257fadc31afe118bdbd3194265cbdc0054aa5094cfedb3be6024f66c350f2b7953a48bf0b86b3bc41814
SSDEEP

6144:ppDUYxOOoC2rftC1CKuX2+wNYoFmyi34L9shGb/MMx0Vdh1JQ:pVUHbC2jt3KuX2+07iICxVdz

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  d4ad9ccbec1ac90a6030ee7aed785a7275b6369a49ac825d144452e8d751be01
- Size
  
  299KB
- MD5
  
  a75147ade71980a4b3c7e21dec154841
- SHA1
  
  7ad3f946efc26afdfbd76035570c8addb4c1aff4
- SHA256
  
  d4ad9ccbec1ac90a6030ee7aed785a7275b6369a49ac825d144452e8d751be01
- SHA512
  
  603ac8ef234f23a1ce6ab5b62cc100ecb0a9c0519050257fadc31afe118bdbd3194265cbdc0054aa5094cfedb3be6024f66c350f2b7953a48bf0b86b3bc41814
- SSDEEP
  
  6144:ppDUYxOOoC2rftC1CKuX2+wNYoFmyi34L9shGb/MMx0Vdh1JQ:pVUHbC2jt3KuX2+07iICxVdz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader