gcleaner | 760173208474fa5b3662e23f0e93e801039a4620742e1fe6320df957c56733ed | Triage

Sharing

General

Target

2025-02-13_bf16abb42bdb97f9de029e87d31e601a_frostygoop_poet-rat_snatch
Size

5.5MB
Sample

250213-w6fmtsskg1
MD5

bf16abb42bdb97f9de029e87d31e601a
SHA1

88fde49432b19bda3e3b862fa6e1176a1a7313d0
SHA256

760173208474fa5b3662e23f0e93e801039a4620742e1fe6320df957c56733ed
SHA512

ac135fe0dca1fb68537b7335425af19d62f258305fddd49dcf98cafbbee31694aae270f8d80c159fd05d570a235817f47673b3e08ad5f67be6b511a3506bd213
SSDEEP

49152:LzikuIWPcm0REb8jG+4wV7wuvpJDW24qx49j+OYdP2lvRk2ZRC6AzAYThB4KmR1X:LGcWPhCm8jGAVw920Yd3rJ3uT

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  2025-02-13_bf16abb42bdb97f9de029e87d31e601a_frostygoop_poet-rat_snatch
- Size
  
  5.5MB
- MD5
  
  bf16abb42bdb97f9de029e87d31e601a
- SHA1
  
  88fde49432b19bda3e3b862fa6e1176a1a7313d0
- SHA256
  
  760173208474fa5b3662e23f0e93e801039a4620742e1fe6320df957c56733ed
- SHA512
  
  ac135fe0dca1fb68537b7335425af19d62f258305fddd49dcf98cafbbee31694aae270f8d80c159fd05d570a235817f47673b3e08ad5f67be6b511a3506bd213
- SSDEEP
  
  49152:LzikuIWPcm0REb8jG+4wV7wuvpJDW24qx49j+OYdP2lvRk2ZRC6AzAYThB4KmR1X:LGcWPhCm8jGAVw920Yd3rJ3uT
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader