gcleaner | 77f56b5c959a898b785240e63ff4381a86fd639555092a1bed23ff0eb02e4f45 | Triage

Sharing

General

Target

77f56b5c959a898b785240e63ff4381a86fd639555092a1bed23ff0eb02e4f45
Size

315KB
Sample

240911-bb2llatfpj
MD5

7aeff9892ee049121e8f5a0c6aa60a4d
SHA1

72c9ffc93f18188bce98199beb7d633c5c068760
SHA256

77f56b5c959a898b785240e63ff4381a86fd639555092a1bed23ff0eb02e4f45
SHA512

095e43d09b8b9a6c226b395996836dec534f08cb06e8752fa38894b237be04728bd3a16dd39530b9f889e3f08bc20e5fe08e19e73dd0ec4eedc868c1e572bf71
SSDEEP

6144:NR0V8L/ZlOKdgoHRECFE8jqL/QaMylHFTquQTdJLq:NY8L/ZYKd/eL/0QHwhdJLq

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  77f56b5c959a898b785240e63ff4381a86fd639555092a1bed23ff0eb02e4f45
- Size
  
  315KB
- MD5
  
  7aeff9892ee049121e8f5a0c6aa60a4d
- SHA1
  
  72c9ffc93f18188bce98199beb7d633c5c068760
- SHA256
  
  77f56b5c959a898b785240e63ff4381a86fd639555092a1bed23ff0eb02e4f45
- SHA512
  
  095e43d09b8b9a6c226b395996836dec534f08cb06e8752fa38894b237be04728bd3a16dd39530b9f889e3f08bc20e5fe08e19e73dd0ec4eedc868c1e572bf71
- SSDEEP
  
  6144:NR0V8L/ZlOKdgoHRECFE8jqL/QaMylHFTquQTdJLq:NY8L/ZYKd/eL/0QHwhdJLq
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader