gcleaner | 2ce020d334aba172477337fb6aee6000e01d98c0afee7a8b2daa569e58a5f25c | Triage

Sharing

General

Target

43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3.zip
Size

204KB
Sample

230308-qj2znafb3x
MD5

185ed8326d5c40f9324f6d812bd21fff
SHA1

ecf30df9967a09627b7761a7c8a235164953ad00
SHA256

2ce020d334aba172477337fb6aee6000e01d98c0afee7a8b2daa569e58a5f25c
SHA512

4d45aacef486ab66ee4f5c3ce3575d20b063e4e4f868e185142b29efc3e4e75a12c951c99a4c6ee28490dbd1ad0bfcae6ec31da095b551264c64c0778df9bec4
SSDEEP

6144:K+2kfvA70boBflcCHWuZkVsgJ0P75Xd17ntYYV:K1k3aBNctVC5N17tYYV

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3.exe
- Size
  
  331KB
- MD5
  
  2cb08ca754964460e0c6d81e1250c974
- SHA1
  
  7f62b1284addc0f579b2ca240352027711d021f0
- SHA256
  
  43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3
- SHA512
  
  c00361862d1977e1a591a0a2ef21bc35aee37a97ff55ecffeb632a850000456613d497fa76e23a7e676473fd9a4bc325a0443a7bcf95fda512e3a08e314785ad
- SSDEEP
  
  6144:H5XlqHQCFVZqVFbFso4D3N/B3yoGkaFtZWfdW4TE3v1144C0K:H9sHQCFVQVFb095CGaFtZ4dW1cn
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2