gcleaner | 48ec9c2b9b6993d644e02de8ed24097193359b2b2541d76509f456144dd84ee3 | Triage

Sharing

General

Target

48ec9c2b9b6993d644e02de8ed24097193359b2b2541d76509f456144dd84ee3
Size

322KB
Sample

240908-11dnhazfma
MD5

e5fedf19422b8e2b086006fc1874e7eb
SHA1

f8e6ee1b85b0a4039ecb2c6f4fa21564336fd146
SHA256

48ec9c2b9b6993d644e02de8ed24097193359b2b2541d76509f456144dd84ee3
SHA512

32a50a68f03ca9453e4ae1c661b34caeca1a10f641a298e65c88b357dcd820f9165dc8a4dfc06eefc82536da437314570b3b7114559900071d2f38e359129b7c
SSDEEP

6144:xff1UDhSFXP4Smb9F3bNNp3KIERjteyPzP8lRkeEVRJ8zjeEhuQTdJtTm:5fehSFXLsP3XpaIERjcSPURkRVkzaEhK

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  48ec9c2b9b6993d644e02de8ed24097193359b2b2541d76509f456144dd84ee3
- Size
  
  322KB
- MD5
  
  e5fedf19422b8e2b086006fc1874e7eb
- SHA1
  
  f8e6ee1b85b0a4039ecb2c6f4fa21564336fd146
- SHA256
  
  48ec9c2b9b6993d644e02de8ed24097193359b2b2541d76509f456144dd84ee3
- SHA512
  
  32a50a68f03ca9453e4ae1c661b34caeca1a10f641a298e65c88b357dcd820f9165dc8a4dfc06eefc82536da437314570b3b7114559900071d2f38e359129b7c
- SSDEEP
  
  6144:xff1UDhSFXP4Smb9F3bNNp3KIERjteyPzP8lRkeEVRJ8zjeEhuQTdJtTm:5fehSFXLsP3XpaIERjcSPURkRVkzaEhK
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader