gcleaner | f6db5651b78d79d935dfd7f6b24150b53dbb5ee3b6e4445c5e679a47662e3a17 | Triage

Sharing

General

Target

f6db5651b78d79d935dfd7f6b24150b53dbb5ee3b6e4445c5e679a47662e3a17
Size

325KB
Sample

240908-lh895aybml
MD5

29f00563b57a8d628f0b31bc1450a74d
SHA1

e0c24fafb1200ac9c5a29bcbc81305215aa1152a
SHA256

f6db5651b78d79d935dfd7f6b24150b53dbb5ee3b6e4445c5e679a47662e3a17
SHA512

c0179b40be9c7bdf57d132f4f083555f2a03478d5f345e635f9c52f094efa37f08a294337f2eed614c849f67d6ba0d9fc6e2d8b43b837dcb03daf04021e8b52d
SSDEEP

6144:Gfb1/7DBF4LXZsao03o20VxGaRyXNL/CLE/Q:ibNDBF4eh0350gLB/CQ/

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  f6db5651b78d79d935dfd7f6b24150b53dbb5ee3b6e4445c5e679a47662e3a17
- Size
  
  325KB
- MD5
  
  29f00563b57a8d628f0b31bc1450a74d
- SHA1
  
  e0c24fafb1200ac9c5a29bcbc81305215aa1152a
- SHA256
  
  f6db5651b78d79d935dfd7f6b24150b53dbb5ee3b6e4445c5e679a47662e3a17
- SHA512
  
  c0179b40be9c7bdf57d132f4f083555f2a03478d5f345e635f9c52f094efa37f08a294337f2eed614c849f67d6ba0d9fc6e2d8b43b837dcb03daf04021e8b52d
- SSDEEP
  
  6144:Gfb1/7DBF4LXZsao03o20VxGaRyXNL/CLE/Q:ibNDBF4eh0350gLB/CQ/
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader