gcleaner | aa93d6e583a382ae70aa8dbd599c2e4e952e282deb94deb807ebcee4e984b286 | Triage

Sharing

General

Target

8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5.zip
Size

208KB
Sample

230308-qjwgwagb29
MD5

89211517fac31392f16acd8d076e342e
SHA1

27f29e49007008dcb6b3ada83c4597b62da6e9c8
SHA256

aa93d6e583a382ae70aa8dbd599c2e4e952e282deb94deb807ebcee4e984b286
SHA512

69a800c6909041a671d98418f0016da6a118c8bb85996da5d859e8875d804f0befadc11f307042be7b694a23ce1a1aae989ef8b720fff5207e548049d059976d
SSDEEP

3072:AeMYF4PDPAQEZK6cSJH27VJH/8gbVOzFI+aDGgAzsNuQpLAaPfmuprb0uAYdh:AedqTlEDccH8VJH/8TJaHAzxmNMub

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5.exe
- Size
  
  273KB
- MD5
  
  bfe0a34bb6494a9b1e866efe97ccd11b
- SHA1
  
  2222524e5bf603c3166ed445ae5f94f2ebe1fc6e
- SHA256
  
  8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5
- SHA512
  
  9520cace14670c5aff3fcad7476c231d04b4a8b152f0af12cabbcc1a4947ca9007a2a65e3cf010e9a6dfd0f2388cc58def7d8e28338c3f516c0733613e28111c
- SSDEEP
  
  6144:5qgB6W89GHqzCzKDJUF3sIcqZi5WZbvEeTqa48Hd/:5qgB6bGHqzCGUF3niUHz485
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2