gcleaner | bf0c7be4aadb86b7edc3bb943e3e4c266388e5cd0c25f5159035aae25512162c | Triage

Sharing

General

Target

bf0c7be4aadb86b7edc3bb943e3e4c266388e5cd0c25f5159035aae25512162c
Size

422KB
Sample

240911-y86m5ssakg
MD5

9de5bc01185d8d932970172bfbc23b6e
SHA1

036651752b3dbeb1464bfe2552af921b5d150a07
SHA256

bf0c7be4aadb86b7edc3bb943e3e4c266388e5cd0c25f5159035aae25512162c
SHA512

051962dece9db14b3b714904f365ff4a29f97158aebb50085d26dbd19a2c26a1745a47f11f0a22cfae8a3b667d06af2ba434bb01e26f0f980dc66da3a84a5636
SSDEEP

6144:FPY1SX+xv/QjGWmYqXiNSb5jzFUrBiJU0X4FbaqqLsEqydUXD+PSHP6B:i17/0gMNSNjzFQiC0XVxLsEqxXxHi

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  bf0c7be4aadb86b7edc3bb943e3e4c266388e5cd0c25f5159035aae25512162c
- Size
  
  422KB
- MD5
  
  9de5bc01185d8d932970172bfbc23b6e
- SHA1
  
  036651752b3dbeb1464bfe2552af921b5d150a07
- SHA256
  
  bf0c7be4aadb86b7edc3bb943e3e4c266388e5cd0c25f5159035aae25512162c
- SHA512
  
  051962dece9db14b3b714904f365ff4a29f97158aebb50085d26dbd19a2c26a1745a47f11f0a22cfae8a3b667d06af2ba434bb01e26f0f980dc66da3a84a5636
- SSDEEP
  
  6144:FPY1SX+xv/QjGWmYqXiNSb5jzFUrBiJU0X4FbaqqLsEqydUXD+PSHP6B:i17/0gMNSNjzFQiC0XVxLsEqxXxHi
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader