gcleaner | bf73856cac4b5c8266eced1899abfdede6f16629afb65710dd03c66bdc846bab | Triage

Sharing

General

Target

bf73856cac4b5c8266eced1899abfdede6f16629afb65710dd03c66bdc846bab
Size

380KB
Sample

240909-t5q13a1ape
MD5

cc83e32987e75b20c078b9c70cb08806
SHA1

adf7cc4c1cfd9086341bbd1985e8c696fad2e090
SHA256

bf73856cac4b5c8266eced1899abfdede6f16629afb65710dd03c66bdc846bab
SHA512

13a7bf24c40a7685361e253d47d3506b11eb55757a6139770e520ff51f55bd6ec85a6d06cbb1b96e44057f6a83840e448dcd9451c4e8d79a7a53db677c2c4a81
SSDEEP

6144:WBcEmNbYTo7ZICmCz7kTT0Oe+I4vY4hWc/Vf:W9KbYYBwZIYhW

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  bf73856cac4b5c8266eced1899abfdede6f16629afb65710dd03c66bdc846bab
- Size
  
  380KB
- MD5
  
  cc83e32987e75b20c078b9c70cb08806
- SHA1
  
  adf7cc4c1cfd9086341bbd1985e8c696fad2e090
- SHA256
  
  bf73856cac4b5c8266eced1899abfdede6f16629afb65710dd03c66bdc846bab
- SHA512
  
  13a7bf24c40a7685361e253d47d3506b11eb55757a6139770e520ff51f55bd6ec85a6d06cbb1b96e44057f6a83840e448dcd9451c4e8d79a7a53db677c2c4a81
- SSDEEP
  
  6144:WBcEmNbYTo7ZICmCz7kTT0Oe+I4vY4hWc/Vf:W9KbYYBwZIYhW
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader