gcleaner | b7a68a96f7b889b83cf3d22d4459ebee0355cf5ead405e249529cf68c675e68d | Triage

Sharing

General

Target

5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f.zip
Size

238KB
Sample

230308-qjwsmsfa2y
MD5

5b9222bbdc3f7c15d37aef9470cc9157
SHA1

f1835551fa0d0766f6f3c68474dda1684ae7d013
SHA256

b7a68a96f7b889b83cf3d22d4459ebee0355cf5ead405e249529cf68c675e68d
SHA512

e47c5833f332b0c7d69b82454e5a3b16e492368384e4e713f8fe3dc052fe122632a0b84cc54a671dfa7312d88362492ac2f98bf54af8fcc32e5ff810ac6c4e88
SSDEEP

6144:AnDCiuemKk5oS0iFBVFqMJWD5BsNIZT5o1zCee:ADCma0ynFqMcVBsNIp21Q

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f.exe
- Size
  
  389KB
- MD5
  
  4f91267891bbcb4d8800ece961d93f42
- SHA1
  
  facb2ec17ee80ec70a9c2072ff895e9070d5bdc2
- SHA256
  
  5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f
- SHA512
  
  aa08542e4d71e3810b0e742276033d096ef4756e899874ed48585c2be52d1f4d579dbe932bbcf3b144a62c10ea59a155e3ca502edb43adfac72312d28f3eabde
- SSDEEP
  
  6144:mkArCLEiyQEw4fhXgdRbAFBr9eTRN4PzEk+S662w0:myIiyQFIh5K47pJvR
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2