gcleaner | d7f5cf9de544d3ff20dd8bd91bb52014b8c48eb180745e734c9f8fdd9c08cea4 | Triage

Sharing

General

Target

d7f5cf9de544d3ff20dd8bd91bb52014b8c48eb180745e734c9f8fdd9c08cea4
Size

421KB
Sample

240911-z61jsatfpf
MD5

b6b650f384755ff068e42c39d4cdc66f
SHA1

30b59e0b7700edd5c442c9b5a99279fcc8baaed0
SHA256

d7f5cf9de544d3ff20dd8bd91bb52014b8c48eb180745e734c9f8fdd9c08cea4
SHA512

130e2d89ed42927e7ce9ae6346a3f53ec74a7d236653ab319faa01b452d9575f1fb7c6a20b3fa746249db112dc0437e32ae3928fee6fb644ec3ca2b5bbd19e22
SSDEEP

6144:/PgcSXx2Ltd043jKKYMZsbA/fRoc+hpFQAYNsBtHP6B:gcttilnuKhEAYNstHi

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  d7f5cf9de544d3ff20dd8bd91bb52014b8c48eb180745e734c9f8fdd9c08cea4
- Size
  
  421KB
- MD5
  
  b6b650f384755ff068e42c39d4cdc66f
- SHA1
  
  30b59e0b7700edd5c442c9b5a99279fcc8baaed0
- SHA256
  
  d7f5cf9de544d3ff20dd8bd91bb52014b8c48eb180745e734c9f8fdd9c08cea4
- SHA512
  
  130e2d89ed42927e7ce9ae6346a3f53ec74a7d236653ab319faa01b452d9575f1fb7c6a20b3fa746249db112dc0437e32ae3928fee6fb644ec3ca2b5bbd19e22
- SSDEEP
  
  6144:/PgcSXx2Ltd043jKKYMZsbA/fRoc+hpFQAYNsBtHP6B:gcttilnuKhEAYNstHi
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader