gcleaner | bba9ef718db5388cef26ecba094ce56e0f4e064578420273849aaaecb9817506 | Triage

Sharing

General

Target

bba9ef718db5388cef26ecba094ce56e0f4e064578420273849aaaecb9817506
Size

396KB
Sample

240925-bvr69szcma
MD5

0f33ff53b9210572cafe2be67271299e
SHA1

70ce382525aa4945ee39c1b515b607ff520888ac
SHA256

bba9ef718db5388cef26ecba094ce56e0f4e064578420273849aaaecb9817506
SHA512

e06a92df15453937b7215f56570d0c205c757f7cee511c62f817e22f30652c45b27d0796ec03b3eea8717b51c3bdd00293cdceddaf895507dc112a7f43362997
SSDEEP

6144:bNJOpHTb4G1hjMknKLOur6b7eviBrp12KsCqln5eOlK8:b/OpHTkG1hjrKLuaq12KalQcK8

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  bba9ef718db5388cef26ecba094ce56e0f4e064578420273849aaaecb9817506
- Size
  
  396KB
- MD5
  
  0f33ff53b9210572cafe2be67271299e
- SHA1
  
  70ce382525aa4945ee39c1b515b607ff520888ac
- SHA256
  
  bba9ef718db5388cef26ecba094ce56e0f4e064578420273849aaaecb9817506
- SHA512
  
  e06a92df15453937b7215f56570d0c205c757f7cee511c62f817e22f30652c45b27d0796ec03b3eea8717b51c3bdd00293cdceddaf895507dc112a7f43362997
- SSDEEP
  
  6144:bNJOpHTb4G1hjMknKLOur6b7eviBrp12KsCqln5eOlK8:b/OpHTkG1hjrKLuaq12KalQcK8
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader