gcleaner | 642a3e9148e1e7709c5e2b35764e168e548505b88709b99ca49f2e11a05599fa | Triage

Sharing

General

Target

9c48e1bb555bbb98d635146b5098f1fda8753eade8479c079a14a5a1887fde7e.zip
Size

217KB
Sample

230308-qjtnaaga86
MD5

511615483dd9be1180d7b6fe16592521
SHA1

6c7bf1a215d95bb78dcca8d3bce04bfa0599e571
SHA256

642a3e9148e1e7709c5e2b35764e168e548505b88709b99ca49f2e11a05599fa
SHA512

a72bbc5cce9b6c90946b9cada6773605e56c072db2424a7124f3d59c5999de8068848396a9e1d15fbd8dac8e26ecfa0a7b456437e743efbb4e4da72da147a772
SSDEEP

6144:OASK/5cJE8PpLG1mWBn2TJ9wVhZQhKbf9/JU:5S+5+PpS1fn2eu+DU

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9c48e1bb555bbb98d635146b5098f1fda8753eade8479c079a14a5a1887fde7e.exe
- Size
  
  274KB
- MD5
  
  7ebea2e3a1e5ae3bc8e224d206bc6f93
- SHA1
  
  6901a26caeb04f7a85965fef96453078d00114e4
- SHA256
  
  9c48e1bb555bbb98d635146b5098f1fda8753eade8479c079a14a5a1887fde7e
- SHA512
  
  f0c2b7f21e20afd28a9528e4b57fecc1e62a1de47a4bf762d438a4b3991ac9d4c66ae07032d2fa92df37def94a72aa293e62f8d5f85dca064180895db84bda7e
- SSDEEP
  
  6144:u8wLvRMLefcHC+zuMg8KVmOxJRcPsAFDOI9RtyAZcQ2L:yaLefcHuMZTgM3OgBZcQ
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2