gcleaner | f928de875315f0ec8a25027b5ec20476f59c2ee1de3d9076e884a18ffa744fbf | Triage

Sharing

General

Target

get.exe
Size

6.9MB
Sample

250222-q2wwcsxncl
MD5

4407e12c37de8a5990d74cf40f00f200
SHA1

c2309e32199ae9702d091b319484bca44cb887a4
SHA256

f928de875315f0ec8a25027b5ec20476f59c2ee1de3d9076e884a18ffa744fbf
SHA512

e0c5d53a1a3662058d5c3b5df6fed25bb5432caa4c3ea78b99256ef8010699f8f7b9be0294622945d84f895ed8b5211c64e9e396d72aeeac25e0a92b3d8de064
SSDEEP

98304:iQe3d8R79GHBtnn0l7gwUc9/2Nxt5XF0:HeiXBlswU0OV5

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.73

Targets

- Target
  
  get.exe
- Size
  
  6.9MB
- MD5
  
  4407e12c37de8a5990d74cf40f00f200
- SHA1
  
  c2309e32199ae9702d091b319484bca44cb887a4
- SHA256
  
  f928de875315f0ec8a25027b5ec20476f59c2ee1de3d9076e884a18ffa744fbf
- SHA512
  
  e0c5d53a1a3662058d5c3b5df6fed25bb5432caa4c3ea78b99256ef8010699f8f7b9be0294622945d84f895ed8b5211c64e9e396d72aeeac25e0a92b3d8de064
- SSDEEP
  
  98304:iQe3d8R79GHBtnn0l7gwUc9/2Nxt5XF0:HeiXBlswU0OV5
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader