gcleaner | a3f9164f9adb978ab569b0c710f0071d0d69770083e9db565a1c0ebc35ecbac5 | Triage

Sharing

General

Target

JaffaCakes118_a3f9164f9adb978ab569b0c710f0071d0d69770083e9db565a1c0ebc35ecbac5
Size

2.4MB
Sample

241228-3vf8jsvrgz
MD5

5fd7ee05cd30112df078a26c341cad0e
SHA1

b157fcb72db1abc5693009c3ee9278dcebd1229d
SHA256

a3f9164f9adb978ab569b0c710f0071d0d69770083e9db565a1c0ebc35ecbac5
SHA512

a648a0c5e7a6285dcde8d870977df0e5928f1e134270a8573043c2a8177be711601039307f5bc1a6555a7ab7847548ea1923d4ef7973432dbd65b6be1ad6ae6b
SSDEEP

49152:qFJT2CA3Le0M11EPm9pe5XaQCl2X1nT9kTqH3p9Skhm:EQCA3LxPQlQCl2Z6xqm

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.15.156.54

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  df440e30124aea35c94ecca6579ceed14e189854e052aec6dd63373136079e34
- Size
  
  2.4MB
- MD5
  
  40c7cccda874d15c1bc8097aca039975
- SHA1
  
  a2055cbebd33af81f49e656ce229e77862f8d58c
- SHA256
  
  df440e30124aea35c94ecca6579ceed14e189854e052aec6dd63373136079e34
- SHA512
  
  f907c98f1b52dfb6579d822594edb6d4dd45f349eb5e3deea28264c6065dc8a590db16b0ee3005e63a21e78759008b97a821ff4172a7911050ebcf3cd848fc1c
- SSDEEP
  
  49152:Z2sFppECA/lcgi9xyP89VE5rakel2XRv5Zkra1NfrA5hq:MesCA/lPP8Fkel2Bw1Dq
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader