gcleaner | 266b61c654cee4fcb0221f72d26e37343fef76aafcee1f6ccc1581dd052e2cf5 | Triage

Sharing

General

Target

266b61c654cee4fcb0221f72d26e37343fef76aafcee1f6ccc1581dd052e2cf5
Size

325KB
Sample

240908-rtcces1brq
MD5

539c130a606b9b789a7c894f1332c274
SHA1

4883afe6a383e82aaa7846c9995df10f4b746672
SHA256

266b61c654cee4fcb0221f72d26e37343fef76aafcee1f6ccc1581dd052e2cf5
SHA512

c924d3aa7be0afd5b220d6351a86eda46821bb0a5e394fb3a591b25a3e22045c8d15c7bf680f87c724459879552e1297c8ed8065ad3e838b58893a4bb0a85d0c
SSDEEP

6144:vfb1r7ArF9KkLE+mE3ZSn1/hAIS2ZFvcEHo+uQTdJ91L:3bZArF9Ge8n1/hAkZl3ZhdJ9V

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  266b61c654cee4fcb0221f72d26e37343fef76aafcee1f6ccc1581dd052e2cf5
- Size
  
  325KB
- MD5
  
  539c130a606b9b789a7c894f1332c274
- SHA1
  
  4883afe6a383e82aaa7846c9995df10f4b746672
- SHA256
  
  266b61c654cee4fcb0221f72d26e37343fef76aafcee1f6ccc1581dd052e2cf5
- SHA512
  
  c924d3aa7be0afd5b220d6351a86eda46821bb0a5e394fb3a591b25a3e22045c8d15c7bf680f87c724459879552e1297c8ed8065ad3e838b58893a4bb0a85d0c
- SSDEEP
  
  6144:vfb1r7ArF9KkLE+mE3ZSn1/hAIS2ZFvcEHo+uQTdJ91L:3bZArF9Ge8n1/hAkZl3ZhdJ9V
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader