gcleaner | 993f3fb15e0541e69324fb91c57c7a56faef6aed850a351aa06ea158a8d16bcf | Triage

Sharing

General

Target

993f3fb15e0541e69324fb91c57c7a56faef6aed850a351aa06ea158a8d16bcf
Size

284KB
Sample

240910-s4t6na1bpl
MD5

da36342aa76df48b676a5a3787c53c15
SHA1

3595579569d10f9c1896ec8b0bb695087c137599
SHA256

993f3fb15e0541e69324fb91c57c7a56faef6aed850a351aa06ea158a8d16bcf
SHA512

a0a47c16a37dde64a33e1eb9945401aca61dbac7cb5e2c29edcfbc685e4b1bdf696b7e06460b037ad74e6b11d66fecd5f6dadb222b2cf6b1f3e7dc66452061e2
SSDEEP

6144:5Lx6g2oXwn78/bfkWO/OpvtknVZoVlfGmuQTdJfJZ:Vx32oM78gWOslknroP+mhdJRZ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  993f3fb15e0541e69324fb91c57c7a56faef6aed850a351aa06ea158a8d16bcf
- Size
  
  284KB
- MD5
  
  da36342aa76df48b676a5a3787c53c15
- SHA1
  
  3595579569d10f9c1896ec8b0bb695087c137599
- SHA256
  
  993f3fb15e0541e69324fb91c57c7a56faef6aed850a351aa06ea158a8d16bcf
- SHA512
  
  a0a47c16a37dde64a33e1eb9945401aca61dbac7cb5e2c29edcfbc685e4b1bdf696b7e06460b037ad74e6b11d66fecd5f6dadb222b2cf6b1f3e7dc66452061e2
- SSDEEP
  
  6144:5Lx6g2oXwn78/bfkWO/OpvtknVZoVlfGmuQTdJfJZ:Vx32oM78gWOslknroP+mhdJRZ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader