gcleaner | 77d8be660bb9dc92c1151c461bea62c79c0652f25cb0f897b0b0f1bb49430be7 | Triage

Sharing

General

Target

2025-02-04_b73cc06e1fe42d31925a6be58f407885_frostygoop_poet-rat_snatch
Size

9.8MB
Sample

250204-wbjq1avkew
MD5

b73cc06e1fe42d31925a6be58f407885
SHA1

e172f5f287103bb43c6d87e134bd878f77dd8722
SHA256

77d8be660bb9dc92c1151c461bea62c79c0652f25cb0f897b0b0f1bb49430be7
SHA512

44efb22a1c5877e18d7098aad0de37395f55578c44546d68d975f6c34f1defce9ea51f87661bb3f5b6229fc824506c571f754d280dec5413e33ba4b66f70ad1b
SSDEEP

196608:lMs9qdf/UdQFWzrbBIe9kQMAnJ9jpPtnWED:OEcFWzfBIe9kQMAnJ9jpPtnW

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  2025-02-04_b73cc06e1fe42d31925a6be58f407885_frostygoop_poet-rat_snatch
- Size
  
  9.8MB
- MD5
  
  b73cc06e1fe42d31925a6be58f407885
- SHA1
  
  e172f5f287103bb43c6d87e134bd878f77dd8722
- SHA256
  
  77d8be660bb9dc92c1151c461bea62c79c0652f25cb0f897b0b0f1bb49430be7
- SHA512
  
  44efb22a1c5877e18d7098aad0de37395f55578c44546d68d975f6c34f1defce9ea51f87661bb3f5b6229fc824506c571f754d280dec5413e33ba4b66f70ad1b
- SSDEEP
  
  196608:lMs9qdf/UdQFWzrbBIe9kQMAnJ9jpPtnWED:OEcFWzfBIe9kQMAnJ9jpPtnW
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader