gcleaner | a97aa9ce4c61d2767808f1e6cc7f6c18a4199b0655afc1083a70caca01544864 | Triage

Sharing

General

Target

a97aa9ce4c61d2767808f1e6cc7f6c18a4199b0655afc1083a70caca01544864
Size

324KB
Sample

240907-qt47rswgmm
MD5

d9af11a36b5e8641669ad4fb3bf42631
SHA1

1470c852d6600088473b89873fb2eb5bf728c2e1
SHA256

a97aa9ce4c61d2767808f1e6cc7f6c18a4199b0655afc1083a70caca01544864
SHA512

f6edc42673d1a3b70ad7e9c1130a92b30fd8f3b00ff6e1499205f7a19a0c7c51534bb728be8bc8514f7a8860f378d77ebea41fb5756dc6df228268920f73aa87
SSDEEP

6144:ufHGs1p91pE8y2C3Eotoaz/OwC3YgaJ2rrdVpoF/Q:aHx1p9TqR+azGfYgTJS/

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  a97aa9ce4c61d2767808f1e6cc7f6c18a4199b0655afc1083a70caca01544864
- Size
  
  324KB
- MD5
  
  d9af11a36b5e8641669ad4fb3bf42631
- SHA1
  
  1470c852d6600088473b89873fb2eb5bf728c2e1
- SHA256
  
  a97aa9ce4c61d2767808f1e6cc7f6c18a4199b0655afc1083a70caca01544864
- SHA512
  
  f6edc42673d1a3b70ad7e9c1130a92b30fd8f3b00ff6e1499205f7a19a0c7c51534bb728be8bc8514f7a8860f378d77ebea41fb5756dc6df228268920f73aa87
- SSDEEP
  
  6144:ufHGs1p91pE8y2C3Eotoaz/OwC3YgaJ2rrdVpoF/Q:aHx1p9TqR+azGfYgTJS/
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader