gcleaner | 89d8c202b193c0876b5972ec562f5d99aa451ed8e1fd7d63eda75b6ccc23f28d | Triage

Sharing

General

Target

89d8c202b193c0876b5972ec562f5d99aa451ed8e1fd7d63eda75b6ccc23f28d
Size

388KB
Sample

240909-3xtawswgrk
MD5

9548719d7d1b65914203c6e6646b963f
SHA1

efd5a68c55cb7f35150934a684446eefca3b32e4
SHA256

89d8c202b193c0876b5972ec562f5d99aa451ed8e1fd7d63eda75b6ccc23f28d
SHA512

7756a2c28670a796eac5fb8bb84bda5e7a75c87afd8740b9f82390d4d086dd2147ce59bac161dfe3a573b0bfd1cd5dfb83b2fdcc482b0299eab4b650448662a0
SSDEEP

6144:oe3O2plnitPBRTSOim1C++G539t8FphnakM9Bf:ouFzitPHTSOd1C+l6ha

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  89d8c202b193c0876b5972ec562f5d99aa451ed8e1fd7d63eda75b6ccc23f28d
- Size
  
  388KB
- MD5
  
  9548719d7d1b65914203c6e6646b963f
- SHA1
  
  efd5a68c55cb7f35150934a684446eefca3b32e4
- SHA256
  
  89d8c202b193c0876b5972ec562f5d99aa451ed8e1fd7d63eda75b6ccc23f28d
- SHA512
  
  7756a2c28670a796eac5fb8bb84bda5e7a75c87afd8740b9f82390d4d086dd2147ce59bac161dfe3a573b0bfd1cd5dfb83b2fdcc482b0299eab4b650448662a0
- SSDEEP
  
  6144:oe3O2plnitPBRTSOim1C++G539t8FphnakM9Bf:ouFzitPHTSOd1C+l6ha
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader