gcleaner | e31040379c3d52a7fdec6d069aee1e3405b96dbef54b6615c840018a847e25c9 | Triage

Sharing

General

Target

e31040379c3d52a7fdec6d069aee1e3405b96dbef54b6615c840018a847e25c9.exe
Size

1.7MB
Sample

250108-lz98ravndx
MD5

626dfce30710d112f0563dd0f9f296d2
SHA1

f8a95133d85aa2d3f98cf0ab73bc6c4f77ff7d3b
SHA256

e31040379c3d52a7fdec6d069aee1e3405b96dbef54b6615c840018a847e25c9
SHA512

f1954d85cb7e611a3205dc8dc9c6bace06d0bda72469af4f1a80a54bc2d7e365faea0e43b10e9f4d3b2ad2a9a9d2d073039876a38cd0ee65fb82d6ea1203b995
SSDEEP

24576:Z2eCpjpu8m1qhM2aznGWBOkNwLanIMt8K1373E2hSCWyZnZ57dYC51V3AfY2Q1v2:Z2du0hlazbUoIMtB1rUS5ZZvYiAA5hu

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.106.156

37.139.129.24

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Targets

- Target
  
  e31040379c3d52a7fdec6d069aee1e3405b96dbef54b6615c840018a847e25c9.exe
- Size
  
  1.7MB
- MD5
  
  626dfce30710d112f0563dd0f9f296d2
- SHA1
  
  f8a95133d85aa2d3f98cf0ab73bc6c4f77ff7d3b
- SHA256
  
  e31040379c3d52a7fdec6d069aee1e3405b96dbef54b6615c840018a847e25c9
- SHA512
  
  f1954d85cb7e611a3205dc8dc9c6bace06d0bda72469af4f1a80a54bc2d7e365faea0e43b10e9f4d3b2ad2a9a9d2d073039876a38cd0ee65fb82d6ea1203b995
- SSDEEP
  
  24576:Z2eCpjpu8m1qhM2aznGWBOkNwLanIMt8K1373E2hSCWyZnZ57dYC51V3AfY2Q1v2:Z2du0hlazbUoIMtB1rUS5ZZvYiAA5hu
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader