gcleaner | 11e031bee901530976738cfae21fe2d3178d0a6364fd06b540c452a80c9d57a0 | Triage

Sharing

General

Target

bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5.zip
Size

208KB
Sample

230308-qj2znagc35
MD5

320ce93be22f6814172461a9ced5ff2e
SHA1

469587b17ba6b9d57636ffc0fe70ee2e2e89fb7c
SHA256

11e031bee901530976738cfae21fe2d3178d0a6364fd06b540c452a80c9d57a0
SHA512

061e9a39795048abf6a19a58fd3ac3df0449610add29147d2b92623ae7ff503e860d0462f21d297389123913b4e8f63ef4ed939a3d2f92d6d9d97a921de89221
SSDEEP

6144:l3x78DjusLfPu0t5F1l1RoCcwP2AhXzml+H14ox:JtMu0tPl9cwP2AhXzmQyE

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5.exe
- Size
  
  273KB
- MD5
  
  bd6da92bd52d003123cbc4759dec1002
- SHA1
  
  9dafebf9cfdc15cd54c56b767b07b0d7944d1f92
- SHA256
  
  bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5
- SHA512
  
  9c7867046c173643f150a322a95f830c0a04c2bc50b72925ffb87dbf11188d54d3152d855e6741e3b107f0c92dc9e037e421d531ad2921226fe0b71042ede302
- SSDEEP
  
  6144:BqgzUOOHyHYY9CU3v/fQ1Buu48mVUKfm8XZdpqRI:BqgzyyHYY9CU3v/EBuu48iUQXAK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2