gcleaner | 175fbd495e1e67dc9e90b8e9b1f77ca5d89adbde3bf3ffae9bd5ecbe53750e27 | Triage

Sharing

General

Target

175fbd495e1e67dc9e90b8e9b1f77ca5d89adbde3bf3ffae9bd5ecbe53750e27
Size

1.2MB
Sample

241127-yvn6yavkal
MD5

5e7ddeea0fe1a35171d3fd5f20be44b2
SHA1

815909a17584b54daf22e8180da126dad145f003
SHA256

175fbd495e1e67dc9e90b8e9b1f77ca5d89adbde3bf3ffae9bd5ecbe53750e27
SHA512

6825218feb64830a66b5e6211fe5a372b2bc2da7625f43647b8037f082adb62110ef671e186cd0c1be3b993a1072439319d23a70b4683ea3a85ca90ba67b2d5c
SSDEEP

24576:ypni2fBswduqbfaK3jnqPhoRiWkClW1mTy+dGMH43ybCYvWT4kq0E2Itf9fNXp:wiKswUqr37QhoRZpTyV6IyGYO8Tntf9X

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.31.45.39

85.31.45.250

85.31.45.251

85.31.45.88

Attributes

url_path
/b.php

/d.php

/d.php

Targets

- Target
  
  175fbd495e1e67dc9e90b8e9b1f77ca5d89adbde3bf3ffae9bd5ecbe53750e27
- Size
  
  1.2MB
- MD5
  
  5e7ddeea0fe1a35171d3fd5f20be44b2
- SHA1
  
  815909a17584b54daf22e8180da126dad145f003
- SHA256
  
  175fbd495e1e67dc9e90b8e9b1f77ca5d89adbde3bf3ffae9bd5ecbe53750e27
- SHA512
  
  6825218feb64830a66b5e6211fe5a372b2bc2da7625f43647b8037f082adb62110ef671e186cd0c1be3b993a1072439319d23a70b4683ea3a85ca90ba67b2d5c
- SSDEEP
  
  24576:ypni2fBswduqbfaK3jnqPhoRiWkClW1mTy+dGMH43ybCYvWT4kq0E2Itf9fNXp:wiKswUqr37QhoRZpTyV6IyGYO8Tntf9X
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader