gcleaner | 5882a88112a9dcef9b82dfc320172e4e269d22cd63f50470bbf7759ec9dadc35 | Triage

Sharing

General

Target

5882a88112a9dcef9b82dfc320172e4e269d22cd63f50470bbf7759ec9dadc35
Size

431KB
Sample

240911-mn68dswfkb
MD5

4e2ec0d83765c97981b5bc455cf3a846
SHA1

2df312fae2e5283e4ff921ade27c635b1ec02be5
SHA256

5882a88112a9dcef9b82dfc320172e4e269d22cd63f50470bbf7759ec9dadc35
SHA512

4d15d34798a905e9a870e502c1a78fef00a2606042a8e3100b81345be6d9b95bec61db9a39ba56df6977a14749769938b6ae94f12bc2a801747a215dc57a8fec
SSDEEP

6144:wVe6a7Y5I8+Y+uPVE7JrMX3YurjXMIa/Q4bzM46lAqLT/mO+pUo4YDeOK+l8O:x6CYAYNPVBY88IJ4brJWT/y+o4Y/b

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  5882a88112a9dcef9b82dfc320172e4e269d22cd63f50470bbf7759ec9dadc35
- Size
  
  431KB
- MD5
  
  4e2ec0d83765c97981b5bc455cf3a846
- SHA1
  
  2df312fae2e5283e4ff921ade27c635b1ec02be5
- SHA256
  
  5882a88112a9dcef9b82dfc320172e4e269d22cd63f50470bbf7759ec9dadc35
- SHA512
  
  4d15d34798a905e9a870e502c1a78fef00a2606042a8e3100b81345be6d9b95bec61db9a39ba56df6977a14749769938b6ae94f12bc2a801747a215dc57a8fec
- SSDEEP
  
  6144:wVe6a7Y5I8+Y+uPVE7JrMX3YurjXMIa/Q4bzM46lAqLT/mO+pUo4YDeOK+l8O:x6CYAYNPVBY88IJ4brJWT/y+o4Y/b
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader