gcleaner | c572c301ad3d318bde4659bc0bca2f5023dd34c2a722cd180660fe3f88e9b5cf | Triage

Sharing

General

Target

c572c301ad3d318bde4659bc0bca2f5023dd34c2a722cd180660fe3f88e9b5cf
Size

295KB
Sample

240907-1t1jpaxdrp
MD5

9fe005fd64205dcd18282e788c843984
SHA1

9867efb47c2d86e864398926bfeb6f9ccfdf6298
SHA256

c572c301ad3d318bde4659bc0bca2f5023dd34c2a722cd180660fe3f88e9b5cf
SHA512

9e37ebc716ca6bd9fcc846ff528936b6306d6738835c46bf6aae9f2d8ca8e50ed64e977bbbc34e4108a5ca16d2a55d0d570e74157d0ed2e864ce6ab8b09bc37b
SSDEEP

6144:24BbfnESxoeNuvIng2Mjo6sbhF35J5lIXW0u6uzQ/Q:2un9xoeNuvYg2i9AX5J5l0q6X/

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  c572c301ad3d318bde4659bc0bca2f5023dd34c2a722cd180660fe3f88e9b5cf
- Size
  
  295KB
- MD5
  
  9fe005fd64205dcd18282e788c843984
- SHA1
  
  9867efb47c2d86e864398926bfeb6f9ccfdf6298
- SHA256
  
  c572c301ad3d318bde4659bc0bca2f5023dd34c2a722cd180660fe3f88e9b5cf
- SHA512
  
  9e37ebc716ca6bd9fcc846ff528936b6306d6738835c46bf6aae9f2d8ca8e50ed64e977bbbc34e4108a5ca16d2a55d0d570e74157d0ed2e864ce6ab8b09bc37b
- SSDEEP
  
  6144:24BbfnESxoeNuvIng2Mjo6sbhF35J5lIXW0u6uzQ/Q:2un9xoeNuvYg2i9AX5J5l0q6X/
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader