gcleaner | fe7512f23b9926681c18ee82ba4083a7d947c8953340a6c101e94a909e94f699 | Triage

Sharing

General

Target

9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4.zip
Size

220KB
Sample

230308-qjkqdaeg4z
MD5

32bad717abff5d9b58cae0721957567b
SHA1

6b96479e95dcc685a2b3472f9599e129996221af
SHA256

fe7512f23b9926681c18ee82ba4083a7d947c8953340a6c101e94a909e94f699
SHA512

787dc391bc5d92935534eb84de6349235889c4f9260205f0bb4077688a218c7470eb4658ff844489c3f1bc197909c1a3d8ced21794299ac7948f30f93d787ec7
SSDEEP

6144:Iv2KoQ8W/C1Xb1bbk158RgQf3Vs/G3HwIf2dkYb4UXKrXH8B:IvlJ/mXb5bk15TQf3VE1bvKrX8B

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4.exe
- Size
  
  286KB
- MD5
  
  67215a65f0750a47be8239b1f0e52ccf
- SHA1
  
  c3e13bd46d93894d74fddfda1586dfdcffd836a0
- SHA256
  
  9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4
- SHA512
  
  c11861b1c5fdc480ea154c1e5c4e22a590c99f6714541997e536dfa485ed82532a5d6387bd40383aae3a8d3f86f060f96af47f6db3b4d929dba097db53b66d42
- SSDEEP
  
  6144:9af5UIKNEUtGWCZxD+WQ6WAc+BziMBXn/tz/JExFFtj:9afCvNntGWU1+sWAJ1RJEFtj
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2