gcleaner | 13d1bc53ce1c7416e27758642e7d1391a8389fe5603278effeac505fd4db8db9 | Triage

Sharing

General

Target

2025-02-22_134d16a85d72262a49186566a9c7763a_frostygoop_poet-rat_snatch
Size

9.8MB
Sample

250222-ax36watme1
MD5

134d16a85d72262a49186566a9c7763a
SHA1

e9f3f6bcdb127f19a00472308a1bf996334aba07
SHA256

13d1bc53ce1c7416e27758642e7d1391a8389fe5603278effeac505fd4db8db9
SHA512

830e0431feacfd8a3557a7bd07ecdefae008e2debfed6a2f41ef5452d23cd60fb8b29e35a5ffcd50e9abe3ad7feb0a9d8a2a98794454dbde557f05d7b861a02b
SSDEEP

196608:lMs9qdf/UdQFWzrbBIe9kQMAnJ9jpPtnWEDJ:OEcFWzfBIe9kQMAnJ9jpPtnWY

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.23

Targets

- Target
  
  2025-02-22_134d16a85d72262a49186566a9c7763a_frostygoop_poet-rat_snatch
- Size
  
  9.8MB
- MD5
  
  134d16a85d72262a49186566a9c7763a
- SHA1
  
  e9f3f6bcdb127f19a00472308a1bf996334aba07
- SHA256
  
  13d1bc53ce1c7416e27758642e7d1391a8389fe5603278effeac505fd4db8db9
- SHA512
  
  830e0431feacfd8a3557a7bd07ecdefae008e2debfed6a2f41ef5452d23cd60fb8b29e35a5ffcd50e9abe3ad7feb0a9d8a2a98794454dbde557f05d7b861a02b
- SSDEEP
  
  196608:lMs9qdf/UdQFWzrbBIe9kQMAnJ9jpPtnWEDJ:OEcFWzfBIe9kQMAnJ9jpPtnWY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader