gcleaner | d0d7a1de53c54e797ebd24755c77c4184a9db77c2d0c820528e8aaad4d37c6b6 | Triage

Sharing

General

Target

2025-02-16_a9a1fe2cd02850c9e1234a38b5e36f1b_frostygoop_poet-rat_snatch
Size

6.2MB
Sample

250216-bg71katpcn
MD5

a9a1fe2cd02850c9e1234a38b5e36f1b
SHA1

7ff8c32789d5917d64337fdea76a31881b2d8a21
SHA256

d0d7a1de53c54e797ebd24755c77c4184a9db77c2d0c820528e8aaad4d37c6b6
SHA512

84bb6b3c83eb7cd8b60df21c98485a24950c405cef4dee19b8ebac7e4a0f29a95839925864c8f91931b2032d340104d5a2fe934a144a3f812d23fc36a18819cc
SSDEEP

49152:rVl2sGgWlLyJBR1KjrSzebv/SRFDiBk8KeauKIZTO43saaTAd3paGHEBvLyzxjdZ:resGV9yJj1KjrG6vjk3uKISe2CdZ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.73

Targets

- Target
  
  2025-02-16_a9a1fe2cd02850c9e1234a38b5e36f1b_frostygoop_poet-rat_snatch
- Size
  
  6.2MB
- MD5
  
  a9a1fe2cd02850c9e1234a38b5e36f1b
- SHA1
  
  7ff8c32789d5917d64337fdea76a31881b2d8a21
- SHA256
  
  d0d7a1de53c54e797ebd24755c77c4184a9db77c2d0c820528e8aaad4d37c6b6
- SHA512
  
  84bb6b3c83eb7cd8b60df21c98485a24950c405cef4dee19b8ebac7e4a0f29a95839925864c8f91931b2032d340104d5a2fe934a144a3f812d23fc36a18819cc
- SSDEEP
  
  49152:rVl2sGgWlLyJBR1KjrSzebv/SRFDiBk8KeauKIZTO43saaTAd3paGHEBvLyzxjdZ:resGV9yJj1KjrG6vjk3uKISe2CdZ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader