gcleaner | 8ded9d7cef5600c9d72e45d6f4377ff03c8182b1d854a15788c3de3fae8b0049 | Triage

Sharing

General

Target

mixfour.exe
Size

432KB
Sample

250114-zwhk8azma1
MD5

29382d3310460696a70e00e314830631
SHA1

a8c47074f6105d49dc5c84ef4fd217902d8101a5
SHA256

8ded9d7cef5600c9d72e45d6f4377ff03c8182b1d854a15788c3de3fae8b0049
SHA512

80e74872568d02c3243bd517987cf16e39fa38c1f698d90133c892bbd73c9179771d823edbd9948a7e6507fabf52a190ca46c09758ee0ecfac41a4743759a6a7
SSDEEP

6144:3Q/QJLKGXoDN8/k9FMBBcz/ZnNG88X3rNFzeobg2yrgbJ8W1bVpmIks261T:3Q/QJGGXZoYuTZN8xFzyrWJ8mbJkmh

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  mixfour.exe
- Size
  
  432KB
- MD5
  
  29382d3310460696a70e00e314830631
- SHA1
  
  a8c47074f6105d49dc5c84ef4fd217902d8101a5
- SHA256
  
  8ded9d7cef5600c9d72e45d6f4377ff03c8182b1d854a15788c3de3fae8b0049
- SHA512
  
  80e74872568d02c3243bd517987cf16e39fa38c1f698d90133c892bbd73c9179771d823edbd9948a7e6507fabf52a190ca46c09758ee0ecfac41a4743759a6a7
- SSDEEP
  
  6144:3Q/QJLKGXoDN8/k9FMBBcz/ZnNG88X3rNFzeobg2yrgbJ8W1bVpmIks261T:3Q/QJGGXZoYuTZN8xFzyrWJ8mbJkmh
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader