gcleaner | 1d8a6c84cde7b233efb9169db893736922cef5d348a7382745d11c369d01ad6e | Triage

Sharing

General

Target

1d8a6c84cde7b233efb9169db893736922cef5d348a7382745d11c369d01ad6e
Size

316KB
Sample

240910-y6gk8stcnp
MD5

6da3875855dbc38cf2c6bc4b0de845cb
SHA1

46aa05596d717ca6b1828e27e9a8642e1e192175
SHA256

1d8a6c84cde7b233efb9169db893736922cef5d348a7382745d11c369d01ad6e
SHA512

3d132f6d9392cb361682f99c018ccca1648d912f062e4c27023bcab70a71ffe42f06702232014649c629a24c098337c60832cca08a96d0d0426ed72aa5c7dc70
SSDEEP

6144:I7R6+hOT0vf7bKLpC41hBqA5tD2WMOunuSG+w9+uQTdJ6mjZ:I16+hOT0ruoChBhx2WKuSG+Y+hdJ6mjZ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  1d8a6c84cde7b233efb9169db893736922cef5d348a7382745d11c369d01ad6e
- Size
  
  316KB
- MD5
  
  6da3875855dbc38cf2c6bc4b0de845cb
- SHA1
  
  46aa05596d717ca6b1828e27e9a8642e1e192175
- SHA256
  
  1d8a6c84cde7b233efb9169db893736922cef5d348a7382745d11c369d01ad6e
- SHA512
  
  3d132f6d9392cb361682f99c018ccca1648d912f062e4c27023bcab70a71ffe42f06702232014649c629a24c098337c60832cca08a96d0d0426ed72aa5c7dc70
- SSDEEP
  
  6144:I7R6+hOT0vf7bKLpC41hBqA5tD2WMOunuSG+w9+uQTdJ6mjZ:I16+hOT0ruoChBhx2WKuSG+Y+hdJ6mjZ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader