gcleaner | 2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec
Size

393KB
Sample

240625-yrsd7asdpp
MD5

55704459d96566a55663437cb1870633
SHA1

11b0727c68e9e842706e6513740ffcdac1ecabf8
SHA256

2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec
SHA512

15938748de3377b6d5e0064d845c5fdb6c578031f1da1049b3a26b9609e83527369327a91d3edf1682afffb8a489bd6e2663eab7214894562ef5f3bfa788ec29
SSDEEP

3072:uLzLixERj5ffY4Q6RDu6Vd8VKjgNh1Cvui6jpO+4MCMuMFRLS7q5Pt4Ltmbf5aKX:OLoETd1N78sEtjY+FXnu7e8mb5Nz

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec.exe

Resource

win10v2004-20240611-en

gcleaner loader

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec.exe

Resource

win11-20240419-en

gcleaner loader

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec
- Size
  
  393KB
- MD5
  
  55704459d96566a55663437cb1870633
- SHA1
  
  11b0727c68e9e842706e6513740ffcdac1ecabf8
- SHA256
  
  2954099324f4dbaab7227d543c7fd8df09fb108239cbf76a1f679c31d9b812ec
- SHA512
  
  15938748de3377b6d5e0064d845c5fdb6c578031f1da1049b3a26b9609e83527369327a91d3edf1682afffb8a489bd6e2663eab7214894562ef5f3bfa788ec29
- SSDEEP
  
  3072:uLzLixERj5ffY4Q6RDu6Vd8VKjgNh1Cvui6jpO+4MCMuMFRLS7q5Pt4Ltmbf5aKX:OLoETd1N78sEtjY+FXnu7e8mb5Nz
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy