gcleaner | fb861a782af83e33211b8f76e715076528e753326056257e15c33463073b5a2b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a708327e4d55ffb7ba8095480d7e8a25.exe
Size

247KB
Sample

230201-sbk3aacb2z
MD5

a708327e4d55ffb7ba8095480d7e8a25
SHA1

f70a4dba48818a62eea256fe492c77b8816e9966
SHA256

fb861a782af83e33211b8f76e715076528e753326056257e15c33463073b5a2b
SHA512

609adfe4dee87a447934356e80e062b289e29b94fe42362164a5f1854de397a190088d01af6e124128eae7cd1843aa9381ffebf91dc4dcc03671aa09d812b926
SSDEEP

6144:QLiKzxf/ScLKJ81F3fojybiBq3IkOulqlaafGWX:QuKN281lKybiB0Ik5UaYbX

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  a708327e4d55ffb7ba8095480d7e8a25.exe
- Size
  
  247KB
- MD5
  
  a708327e4d55ffb7ba8095480d7e8a25
- SHA1
  
  f70a4dba48818a62eea256fe492c77b8816e9966
- SHA256
  
  fb861a782af83e33211b8f76e715076528e753326056257e15c33463073b5a2b
- SHA512
  
  609adfe4dee87a447934356e80e062b289e29b94fe42362164a5f1854de397a190088d01af6e124128eae7cd1843aa9381ffebf91dc4dcc03671aa09d812b926
- SSDEEP
  
  6144:QLiKzxf/ScLKJ81F3fojybiBq3IkOulqlaafGWX:QuKN281lKybiB0Ik5UaYbX
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2