gcleaner | 574c5ba90e69460799a53ea6fc88d8c6ba4b2b749f739f61779e1975e53e15d9 | Triage

Sharing

General

Target

random.exe
Size

5.9MB
Sample

250404-kk3dxsttcz
MD5

e05432c13d42b8526ce4bc0dc240d297
SHA1

db6e9382425055030662ecdc95d6405d30dcf82a
SHA256

574c5ba90e69460799a53ea6fc88d8c6ba4b2b749f739f61779e1975e53e15d9
SHA512

56ad65cc3608f67b680599f8769a0bb0a8b16bdaaf62569c517fa54e72c12671d57472c1e88baaa13cf69a95b84887c527cba666abbca61a923d380dd71481ee
SSDEEP

98304:DX54fPfKCBNONlMkAH1sQRmiI5Q0TXoQDj:DXqXfKCyNStm+0r/P

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.98

45.91.200.135

Targets

- Target
  
  random.exe
- Size
  
  5.9MB
- MD5
  
  e05432c13d42b8526ce4bc0dc240d297
- SHA1
  
  db6e9382425055030662ecdc95d6405d30dcf82a
- SHA256
  
  574c5ba90e69460799a53ea6fc88d8c6ba4b2b749f739f61779e1975e53e15d9
- SHA512
  
  56ad65cc3608f67b680599f8769a0bb0a8b16bdaaf62569c517fa54e72c12671d57472c1e88baaa13cf69a95b84887c527cba666abbca61a923d380dd71481ee
- SSDEEP
  
  98304:DX54fPfKCBNONlMkAH1sQRmiI5Q0TXoQDj:DXqXfKCyNStm+0r/P
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader