gcleaner | f6e185696cf0ea843fb6e2d7a1527dd1ba5b9b9a9dc7abbafcb57d023f2ec61b | Triage

Sharing

General

Target

f6e185696cf0ea843fb6e2d7a1527dd1ba5b9b9a9dc7abbafcb57d023f2ec61b
Size

324KB
Sample

240908-hjjt3ssbnp
MD5

68e52a7354a7affce933acfba9902f82
SHA1

4cac605108c8aa74a35d6fd8497644bdc9f4e9cc
SHA256

f6e185696cf0ea843fb6e2d7a1527dd1ba5b9b9a9dc7abbafcb57d023f2ec61b
SHA512

77b7f159ca3397f45b2d17b6eef171f01926161c0cc6aeee38d25ec7a79576457ed674db9d05f40716a9856173dfd81a688e865afa9827738b79faeb20c953f4
SSDEEP

6144:lfbD/dqFsA1GDrVbG4VuOT2GmNt3WlGdRhydE/Q:lb7dqFTYPV/tVmnCG0e/

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  f6e185696cf0ea843fb6e2d7a1527dd1ba5b9b9a9dc7abbafcb57d023f2ec61b
- Size
  
  324KB
- MD5
  
  68e52a7354a7affce933acfba9902f82
- SHA1
  
  4cac605108c8aa74a35d6fd8497644bdc9f4e9cc
- SHA256
  
  f6e185696cf0ea843fb6e2d7a1527dd1ba5b9b9a9dc7abbafcb57d023f2ec61b
- SHA512
  
  77b7f159ca3397f45b2d17b6eef171f01926161c0cc6aeee38d25ec7a79576457ed674db9d05f40716a9856173dfd81a688e865afa9827738b79faeb20c953f4
- SSDEEP
  
  6144:lfbD/dqFsA1GDrVbG4VuOT2GmNt3WlGdRhydE/Q:lb7dqFTYPV/tVmnCG0e/
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader