gcleaner | 580c9be818a132187893140df8275ff725d10ece959a4a251514c3f42d909e66 | Triage

Sharing

General

Target

2025-02-22_e7117fa39e9cc155f89e4a490a73ade0_frostygoop_poet-rat_snatch
Size

6.3MB
Sample

250222-dcmvyaxjbn
MD5

e7117fa39e9cc155f89e4a490a73ade0
SHA1

839d08fdf4e04cf5cdf2957372466b86c26b3e73
SHA256

580c9be818a132187893140df8275ff725d10ece959a4a251514c3f42d909e66
SHA512

a3bbaf5f3b2288adde4400bb14aaf344707e385c2235caba1b5106d97083899ea853e293bb70fa740b4fe059c5644ef6b596ae450506db34c5ea03224c917e76
SSDEEP

49152:sPJ8IaL73KtaDF+IUGacgR7UivwqO+EUTfQiNYzihzC3z5KR0obzT6YAFr6x1p8t:8J8IkD4GUIBaRGWwsQWGtzooFqJoXKhE

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.73

Targets

- Target
  
  2025-02-22_e7117fa39e9cc155f89e4a490a73ade0_frostygoop_poet-rat_snatch
- Size
  
  6.3MB
- MD5
  
  e7117fa39e9cc155f89e4a490a73ade0
- SHA1
  
  839d08fdf4e04cf5cdf2957372466b86c26b3e73
- SHA256
  
  580c9be818a132187893140df8275ff725d10ece959a4a251514c3f42d909e66
- SHA512
  
  a3bbaf5f3b2288adde4400bb14aaf344707e385c2235caba1b5106d97083899ea853e293bb70fa740b4fe059c5644ef6b596ae450506db34c5ea03224c917e76
- SSDEEP
  
  49152:sPJ8IaL73KtaDF+IUGacgR7UivwqO+EUTfQiNYzihzC3z5KR0obzT6YAFr6x1p8t:8J8IkD4GUIBaRGWwsQWGtzooFqJoXKhE
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader