gcleaner | 375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6
Size

397KB
Sample

240625-ljg72avdnq
MD5

1d8a1e28e4c4e4785fd47bdaa7a05371
SHA1

5b4ce8276a8700f70576921cddb934ba5cd89d48
SHA256

375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6
SHA512

913813363519b07e1ecee1225c20367f32cc875064afbbc7a9165545b4de983bb9db4683c4faa957b5a8a0bf2569b465a5e2bad9f7f4212428572b62a9be5400
SSDEEP

6144:851pxL9A0MXxNxgJS6amSg81cLh2H68LFAxAlD1z1Y7ib5K+Xi:8LpxZA0MiwLmSgwcLh2H68L26bu7ib

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6.exe

Resource

win10v2004-20240508-en

gcleaner loader

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6.exe

Resource

win11-20240611-en

gcleaner loader

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6
- Size
  
  397KB
- MD5
  
  1d8a1e28e4c4e4785fd47bdaa7a05371
- SHA1
  
  5b4ce8276a8700f70576921cddb934ba5cd89d48
- SHA256
  
  375c764f19d42364f4e3997555901fff015030280c1d37b8038026836bf3bdb6
- SHA512
  
  913813363519b07e1ecee1225c20367f32cc875064afbbc7a9165545b4de983bb9db4683c4faa957b5a8a0bf2569b465a5e2bad9f7f4212428572b62a9be5400
- SSDEEP
  
  6144:851pxL9A0MXxNxgJS6amSg81cLh2H68LFAxAlD1z1Y7ib5K+Xi:8LpxZA0MiwLmSgwcLh2H68L26bu7ib
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy