gcleaner | efec912465df5c55b4764e0277aa4c4c549e612b4f3c5abf77aaec647729f78a | Triage

Sharing

General

Target

efec912465df5c55b4764e0277aa4c4c549e612b4f3c5abf77aaec647729f78a
Size

4KB
Sample

240923-fv1wmawhmb
MD5

ddc9229a87f36e9d555ddae1c8d4ac09
SHA1

e902d5ab723fa81913dd73999da9778781647c28
SHA256

efec912465df5c55b4764e0277aa4c4c549e612b4f3c5abf77aaec647729f78a
SHA512

08b5ad94168bf90bae2f2917fde1b2a36650845fdcb23881d76ddddae73359fbd774c92083ba03a84083c48d4922afb339c637d49dfa67fbf9eb95b3bf86baa6
SSDEEP

48:66sn7l2zMdoHSe0rHNMMb9Y7VxCioXsTfxZsFtow/ljhFvCFipfbNtm:PYqX9VxCJ8U/3F5zNt

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  efec912465df5c55b4764e0277aa4c4c549e612b4f3c5abf77aaec647729f78a
- Size
  
  4KB
- MD5
  
  ddc9229a87f36e9d555ddae1c8d4ac09
- SHA1
  
  e902d5ab723fa81913dd73999da9778781647c28
- SHA256
  
  efec912465df5c55b4764e0277aa4c4c549e612b4f3c5abf77aaec647729f78a
- SHA512
  
  08b5ad94168bf90bae2f2917fde1b2a36650845fdcb23881d76ddddae73359fbd774c92083ba03a84083c48d4922afb339c637d49dfa67fbf9eb95b3bf86baa6
- SSDEEP
  
  48:66sn7l2zMdoHSe0rHNMMb9Y7VxCioXsTfxZsFtow/ljhFvCFipfbNtm:PYqX9VxCJ8U/3F5zNt
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader