gcleaner | 3e0cc394d2ecaea0002e3303beb4465604a7d44670cd5752d44d107ca733bc2c | Triage

Sharing

General

Target

3e0cc394d2ecaea0002e3303beb4465604a7d44670cd5752d44d107ca733bc2c
Size

3.3MB
Sample

241004-ys6yzatdkk
MD5

cf3090e3b1ef89b074a1abc416b264f0
SHA1

c15b5c72185c43d1e3aa4e3727e579fccfba1906
SHA256

3e0cc394d2ecaea0002e3303beb4465604a7d44670cd5752d44d107ca733bc2c
SHA512

40bde43cef15b70df1c9e194df25b91abfa9d4b5c7bdb0d25b757404725f0ef0f705b985dde78522fc2bfb0bd1e419dc339a76c201ccafb3d48c02a00b606c2f
SSDEEP

98304:m0tFNMxDHrKZ6Qu9Pw98m887AbCs7CWjRs90:m0tFNMxDLKZx0

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  3e0cc394d2ecaea0002e3303beb4465604a7d44670cd5752d44d107ca733bc2c
- Size
  
  3.3MB
- MD5
  
  cf3090e3b1ef89b074a1abc416b264f0
- SHA1
  
  c15b5c72185c43d1e3aa4e3727e579fccfba1906
- SHA256
  
  3e0cc394d2ecaea0002e3303beb4465604a7d44670cd5752d44d107ca733bc2c
- SHA512
  
  40bde43cef15b70df1c9e194df25b91abfa9d4b5c7bdb0d25b757404725f0ef0f705b985dde78522fc2bfb0bd1e419dc339a76c201ccafb3d48c02a00b606c2f
- SSDEEP
  
  98304:m0tFNMxDHrKZ6Qu9Pw98m887AbCs7CWjRs90:m0tFNMxDLKZx0
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader