gcleaner | 7b04c75b0055274afb925e2b507c26d4bd3b465d40ddc5007a98137372186dc9 | Triage

Sharing

General

Target

4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f.zip
Size

237KB
Sample

230308-p1v21abg23
MD5

ab6b1f528c3c6be634c9dbaf036db83a
SHA1

a4a905dada426b94ba4cf08dbb6d57fc704a4fc6
SHA256

7b04c75b0055274afb925e2b507c26d4bd3b465d40ddc5007a98137372186dc9
SHA512

2546ff55cb63c758efa27b2e0a4efcd77097574fce8cf7c93f8a1b9b52fb4b662e7b22db341bb8dd7df997ba4d9522e2e10b1c29a9a0d6125aa1e8c45097b459
SSDEEP

6144:/k1LvXogCoo/PypoRjUE/L2lBMwEfSWIjQ1Fu7e5V507APFhT:Gz4gHo3UARfS4zzV8A9hT

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f.exe
- Size
  
  385KB
- MD5
  
  34f8808d1a51641fac355ba5c92f7114
- SHA1
  
  eb6774b48254e0b37f357dffb5ea620bc8cca5f3
- SHA256
  
  4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f
- SHA512
  
  dfff6523cf9393c3a9e41925c6a8905ea4be3155a46334193ed839b783288ed7ccb9fe946411d2c1e896eb839d8cb3e76ed1cadb1987f616fdede1940d2146a5
- SSDEEP
  
  3072:t5uIKIRGXJuLGNafEnyKWus/1T6J2d+kVojCI40+/xJP92VBY3TQGcuD4EBWrFVU:YI6uLGcE70dpd+kVx1x/2VWxcu8sWR
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2