gcleaner | ec1611a910c602aa38efc72cce168726b3d88348ee83f9b885cbd141442b989b | Triage

Sharing

General

Target

ec1611a910c602aa38efc72cce168726b3d88348ee83f9b885cbd141442b989b
Size

380KB
Sample

240909-r12kwswapf
MD5

20b97b34517fd95e0ed76b3851d0a6aa
SHA1

9f42219d7a04fb36db0b9ea9918a049cd9181e5d
SHA256

ec1611a910c602aa38efc72cce168726b3d88348ee83f9b885cbd141442b989b
SHA512

acac82ee4a0ccacd66cc2e9f1e14b70c59225a0891f3c215297ca8adde88f54918b00fc2d7ed5127f60941695acd651d94483655c4bc3b1c5bf5c9fbb2d9c8c3
SSDEEP

6144:qB9W3n+Y9OpuBStPaDKzolF/eQteFY0njtsiPHeY+rfZHif:q23+Y9OBtUmw/eXq0njtsiP+YE

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  ec1611a910c602aa38efc72cce168726b3d88348ee83f9b885cbd141442b989b
- Size
  
  380KB
- MD5
  
  20b97b34517fd95e0ed76b3851d0a6aa
- SHA1
  
  9f42219d7a04fb36db0b9ea9918a049cd9181e5d
- SHA256
  
  ec1611a910c602aa38efc72cce168726b3d88348ee83f9b885cbd141442b989b
- SHA512
  
  acac82ee4a0ccacd66cc2e9f1e14b70c59225a0891f3c215297ca8adde88f54918b00fc2d7ed5127f60941695acd651d94483655c4bc3b1c5bf5c9fbb2d9c8c3
- SSDEEP
  
  6144:qB9W3n+Y9OpuBStPaDKzolF/eQteFY0njtsiPHeY+rfZHif:q23+Y9OBtUmw/eXq0njtsiP+YE
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader