gcleaner | d1b22013a322d2d3f3a050b900c3270466bb519da68e27f6f6afaa9bdc3383c7 | Triage

Sharing

General

Target

d1b22013a322d2d3f3a050b900c3270466bb519da68e27f6f6afaa9bdc3383c7
Size

433KB
Sample

240911-tfvmyszdmd
MD5

9cc935239389f22692847a3d233c2878
SHA1

8ea6d552fcec446433ee3b1970ffd8fb7e22db1c
SHA256

d1b22013a322d2d3f3a050b900c3270466bb519da68e27f6f6afaa9bdc3383c7
SHA512

08e484f13d7990f2174d0157496de1f6a4b66fce1620eda42cbc9c09bbd9896ecd0ae36fcbda19f8d3186bc5eb165d03b09ca9b911f2c0c6bf6964f18305300e
SSDEEP

6144:3tDlEnMXd+d0AxFKDunWAgKEt7HecOEwlJkT7g0+HP6B:hlYMXY62KqBgvV+J/h0+Hi

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  d1b22013a322d2d3f3a050b900c3270466bb519da68e27f6f6afaa9bdc3383c7
- Size
  
  433KB
- MD5
  
  9cc935239389f22692847a3d233c2878
- SHA1
  
  8ea6d552fcec446433ee3b1970ffd8fb7e22db1c
- SHA256
  
  d1b22013a322d2d3f3a050b900c3270466bb519da68e27f6f6afaa9bdc3383c7
- SHA512
  
  08e484f13d7990f2174d0157496de1f6a4b66fce1620eda42cbc9c09bbd9896ecd0ae36fcbda19f8d3186bc5eb165d03b09ca9b911f2c0c6bf6964f18305300e
- SSDEEP
  
  6144:3tDlEnMXd+d0AxFKDunWAgKEt7HecOEwlJkT7g0+HP6B:hlYMXY62KqBgvV+J/h0+Hi
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader