gcleaner | 0da43f879e4207fae509199b92e90b762dadb9deb6e090a6c6845465af753a2c | Triage

Sharing

General

Target

0da43f879e4207fae509199b92e90b762dadb9deb6e090a6c6845465af753a2c
Size

388KB
Sample

240910-at7pwsxhlk
MD5

2f5caba365df69bb9f341d089191234d
SHA1

674e5820323ece8c39d71345d182304421024b72
SHA256

0da43f879e4207fae509199b92e90b762dadb9deb6e090a6c6845465af753a2c
SHA512

45e4f737c6a206bb6e53f18ab8eab5edab6e95d89946119305ccff2faef0ea9e45ab124a018343160d239cf11ea5dd75d65c8f8ced3da42699f55f97bf32b013
SSDEEP

6144:DynO2dYn6tT+xsHdzSV9110IDB7hgSCaeIif:DKFC6tT+6Hd9IDBNgX6

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  0da43f879e4207fae509199b92e90b762dadb9deb6e090a6c6845465af753a2c
- Size
  
  388KB
- MD5
  
  2f5caba365df69bb9f341d089191234d
- SHA1
  
  674e5820323ece8c39d71345d182304421024b72
- SHA256
  
  0da43f879e4207fae509199b92e90b762dadb9deb6e090a6c6845465af753a2c
- SHA512
  
  45e4f737c6a206bb6e53f18ab8eab5edab6e95d89946119305ccff2faef0ea9e45ab124a018343160d239cf11ea5dd75d65c8f8ced3da42699f55f97bf32b013
- SSDEEP
  
  6144:DynO2dYn6tT+xsHdzSV9110IDB7hgSCaeIif:DKFC6tT+6Hd9IDBNgX6
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader