gcleaner | 1c53f2d30886da4a76d1e08256a8e2e644d6c951b59b44fa6a11512a81fba486 | Triage

Sharing

General

Target

1c53f2d30886da4a76d1e08256a8e2e644d6c951b59b44fa6a11512a81fba486
Size

321KB
Sample

240908-z3287syake
MD5

85d728e853d379c0daacea6640cafba5
SHA1

2e942cab1c2ab630b3ba6657301ce29f933c6b36
SHA256

1c53f2d30886da4a76d1e08256a8e2e644d6c951b59b44fa6a11512a81fba486
SHA512

e9adb3c4727c974f48aa096ed7917c6436940ac81811a710478635f9f1858aa8ab110de02aba3f7c9d37d5a589cec8af6ce829639bda3c22364b30f758fb75ad
SSDEEP

6144:Xfblfs3FsGvEIjzDp/c6z5ak0VERuQTdJNT8m:vbRs3Fs1IjztkygERhdJam

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  1c53f2d30886da4a76d1e08256a8e2e644d6c951b59b44fa6a11512a81fba486
- Size
  
  321KB
- MD5
  
  85d728e853d379c0daacea6640cafba5
- SHA1
  
  2e942cab1c2ab630b3ba6657301ce29f933c6b36
- SHA256
  
  1c53f2d30886da4a76d1e08256a8e2e644d6c951b59b44fa6a11512a81fba486
- SHA512
  
  e9adb3c4727c974f48aa096ed7917c6436940ac81811a710478635f9f1858aa8ab110de02aba3f7c9d37d5a589cec8af6ce829639bda3c22364b30f758fb75ad
- SSDEEP
  
  6144:Xfblfs3FsGvEIjzDp/c6z5ak0VERuQTdJNT8m:vbRs3Fs1IjztkygERhdJam
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader