gcleaner | 64d87830c3ff551d7790daddb6a06f89cdb161aa92874349b61a6bdf7532f51b | Triage

Sharing

General

Target

64d87830c3ff551d7790daddb6a06f89cdb161aa92874349b61a6bdf7532f51b
Size

388KB
Sample

240909-z5e7fssfjb
MD5

c265328dee0adc832753ea1e33844f94
SHA1

01cfca1896f942e8429dc22edd58456660ef20c2
SHA256

64d87830c3ff551d7790daddb6a06f89cdb161aa92874349b61a6bdf7532f51b
SHA512

0ea8af5a65b62364468a4aeb44fa567c8951cf9468dfc67e5ea5fe6f7b0a0ecd969e28e5acc08a3b62c0d4168a7469835d9f137c51c713dd7cdaee40b9d5db70
SSDEEP

6144:aew32m12dBAzpNyFq/y/FwtHplN1njeQ9GW3/f:apmm2dBCNGNcHplPjY

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  64d87830c3ff551d7790daddb6a06f89cdb161aa92874349b61a6bdf7532f51b
- Size
  
  388KB
- MD5
  
  c265328dee0adc832753ea1e33844f94
- SHA1
  
  01cfca1896f942e8429dc22edd58456660ef20c2
- SHA256
  
  64d87830c3ff551d7790daddb6a06f89cdb161aa92874349b61a6bdf7532f51b
- SHA512
  
  0ea8af5a65b62364468a4aeb44fa567c8951cf9468dfc67e5ea5fe6f7b0a0ecd969e28e5acc08a3b62c0d4168a7469835d9f137c51c713dd7cdaee40b9d5db70
- SSDEEP
  
  6144:aew32m12dBAzpNyFq/y/FwtHplN1njeQ9GW3/f:apmm2dBCNGNcHplPjY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader