gcleaner | fa0ef5e399db288cc428920ecaa280c691d7b2f3f8d1239d04f9ed5a99b15632 | Triage

Sharing

General

Target

fa0ef5e399db288cc428920ecaa280c691d7b2f3f8d1239d04f9ed5a99b15632
Size

315KB
Sample

240910-wczhvaxfne
MD5

b1562d245111031645ae8fbf7b8c16f6
SHA1

40db022d23b06ebb05170e1f2556f65e8a37de90
SHA256

fa0ef5e399db288cc428920ecaa280c691d7b2f3f8d1239d04f9ed5a99b15632
SHA512

976837e9945b4aa714c327486037f9e6a2eb2f413d71f7fb18b32ce6255b12e3f7d7b33716f1de080eccb84645b14c6287a4e102ee5842cbbfca2e017e87c7cd
SSDEEP

6144:qEuAXzyPC9/+EUIJVTGPo5N6ZCuQTdJXd:duWzyPecIJ/5N+ChdJXd

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  fa0ef5e399db288cc428920ecaa280c691d7b2f3f8d1239d04f9ed5a99b15632
- Size
  
  315KB
- MD5
  
  b1562d245111031645ae8fbf7b8c16f6
- SHA1
  
  40db022d23b06ebb05170e1f2556f65e8a37de90
- SHA256
  
  fa0ef5e399db288cc428920ecaa280c691d7b2f3f8d1239d04f9ed5a99b15632
- SHA512
  
  976837e9945b4aa714c327486037f9e6a2eb2f413d71f7fb18b32ce6255b12e3f7d7b33716f1de080eccb84645b14c6287a4e102ee5842cbbfca2e017e87c7cd
- SSDEEP
  
  6144:qEuAXzyPC9/+EUIJVTGPo5N6ZCuQTdJXd:duWzyPecIJ/5N+ChdJXd
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader