gcleaner | 46964876bdc2485106520ced0f1036c42948c5bf4bc09615bd5688adf8344406 | Triage

Sharing

General

Target

2025-02-15_2aa5f03e148fd608eefae6dea384324c_frostygoop_poet-rat_snatch
Size

4.7MB
Sample

250215-px3yfa1nhl
MD5

2aa5f03e148fd608eefae6dea384324c
SHA1

419d4ffe0e152248f96e51b9ce039d02401ebfbe
SHA256

46964876bdc2485106520ced0f1036c42948c5bf4bc09615bd5688adf8344406
SHA512

6129e725a9370aef1bef4289de87a32b99e4810ca536c8ec57376b770338bc0c2c94486a8c8412c26f34e2234aa8b4a1f53f2e57c68f3d6cc863a3ca951c2606
SSDEEP

49152:y7vZth/GaL4YCzxuhb/6EBPy1m/LfaZR3qsKbXasMj2FVthObuimRFRBn6x1wh:yLZthuaL45uhb/6C6193SObudB

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.73

Targets

- Target
  
  2025-02-15_2aa5f03e148fd608eefae6dea384324c_frostygoop_poet-rat_snatch
- Size
  
  4.7MB
- MD5
  
  2aa5f03e148fd608eefae6dea384324c
- SHA1
  
  419d4ffe0e152248f96e51b9ce039d02401ebfbe
- SHA256
  
  46964876bdc2485106520ced0f1036c42948c5bf4bc09615bd5688adf8344406
- SHA512
  
  6129e725a9370aef1bef4289de87a32b99e4810ca536c8ec57376b770338bc0c2c94486a8c8412c26f34e2234aa8b4a1f53f2e57c68f3d6cc863a3ca951c2606
- SSDEEP
  
  49152:y7vZth/GaL4YCzxuhb/6EBPy1m/LfaZR3qsKbXasMj2FVthObuimRFRBn6x1wh:yLZthuaL45uhb/6C6193SObudB
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader