gcleaner | eb973f49b1db6de54471ee34d668e4f1fb079b856a311284abe41d115e2c85ad | Triage

Sharing

General

Target

eb973f49b1db6de54471ee34d668e4f1fb079b856a311284abe41d115e2c85ad
Size

431KB
Sample

240911-kekxpasbjf
MD5

bb228b1ce76ee8fc38f2085e37f28236
SHA1

d3b5540cbdb18215178b4bf1042d5f5d41af1ee1
SHA256

eb973f49b1db6de54471ee34d668e4f1fb079b856a311284abe41d115e2c85ad
SHA512

d444b4f95f54ad549aa739f11b7a4e8eca8663db573a6e5304c60f223fe70bad2b61cc6964351a53e7373548c1ff5b4ed10dec1d705fef3a4d8f70a152ebeb20
SSDEEP

6144:XNXYiQbRBVW4qzPUgwwkKPvetP+ZsRBFufhPklb80PfAOK+l8O:RY1bZqzRwwkKOhUpKb8Ktb

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  eb973f49b1db6de54471ee34d668e4f1fb079b856a311284abe41d115e2c85ad
- Size
  
  431KB
- MD5
  
  bb228b1ce76ee8fc38f2085e37f28236
- SHA1
  
  d3b5540cbdb18215178b4bf1042d5f5d41af1ee1
- SHA256
  
  eb973f49b1db6de54471ee34d668e4f1fb079b856a311284abe41d115e2c85ad
- SHA512
  
  d444b4f95f54ad549aa739f11b7a4e8eca8663db573a6e5304c60f223fe70bad2b61cc6964351a53e7373548c1ff5b4ed10dec1d705fef3a4d8f70a152ebeb20
- SSDEEP
  
  6144:XNXYiQbRBVW4qzPUgwwkKPvetP+ZsRBFufhPklb80PfAOK+l8O:RY1bZqzRwwkKOhUpKb8Ktb
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader