gcleaner | 76c6729c20c95f1102082bb7af14713e8797f750db7f5bcde4ab507011ef05f4 | Triage

Sharing

General

Target

76c6729c20c95f1102082bb7af14713e8797f750db7f5bcde4ab507011ef05f4
Size

388KB
Sample

240909-zkf81sygrm
MD5

7c8a91f6fdcc13734b0b6e2291ff4d98
SHA1

e900c9645c8a0883820306f37fd56ae983625ac1
SHA256

76c6729c20c95f1102082bb7af14713e8797f750db7f5bcde4ab507011ef05f4
SHA512

85a341a5f9be6bbbce9a07b10ae9181c94129948e8238afbd2110a5e6527531320d9dc07cee36aed67010e618ecb500ab178190c99909791ed7bbe2c76bc0bef
SSDEEP

6144:p9I32m12dx4lkg6gUSbyBms4KuELE4OHja1jjY/f:pamm2d0rUoims4Jz4OE

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  76c6729c20c95f1102082bb7af14713e8797f750db7f5bcde4ab507011ef05f4
- Size
  
  388KB
- MD5
  
  7c8a91f6fdcc13734b0b6e2291ff4d98
- SHA1
  
  e900c9645c8a0883820306f37fd56ae983625ac1
- SHA256
  
  76c6729c20c95f1102082bb7af14713e8797f750db7f5bcde4ab507011ef05f4
- SHA512
  
  85a341a5f9be6bbbce9a07b10ae9181c94129948e8238afbd2110a5e6527531320d9dc07cee36aed67010e618ecb500ab178190c99909791ed7bbe2c76bc0bef
- SSDEEP
  
  6144:p9I32m12dx4lkg6gUSbyBms4KuELE4OHja1jjY/f:pamm2d0rUoims4Jz4OE
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader