gcleaner | b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031 | Triage

Sharing

General

Target

5c82f9d43748af8b52b4d11ea71cb323
Size

270KB
Sample

230308-s8qn2ach64
MD5

5c82f9d43748af8b52b4d11ea71cb323
SHA1

51ecf6fc4f4e13f1a7634ae2e09b0ef3549a5be1
SHA256

b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031
SHA512

a239232cc62cafc258ea1617b5a0364cf4d7f12b95e277cb486136f50d3666948923581c48e7762789d2c32941a225a9d55184d0cee311e84d320d57e16e42eb
SSDEEP

6144:Bpr91XKOC5bWr/gvbh4XcqXft+hCmaX/uqt:BTxjC5bIIvbeVvtAZuG

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  5c82f9d43748af8b52b4d11ea71cb323
- Size
  
  270KB
- MD5
  
  5c82f9d43748af8b52b4d11ea71cb323
- SHA1
  
  51ecf6fc4f4e13f1a7634ae2e09b0ef3549a5be1
- SHA256
  
  b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031
- SHA512
  
  a239232cc62cafc258ea1617b5a0364cf4d7f12b95e277cb486136f50d3666948923581c48e7762789d2c32941a225a9d55184d0cee311e84d320d57e16e42eb
- SSDEEP
  
  6144:Bpr91XKOC5bWr/gvbh4XcqXft+hCmaX/uqt:BTxjC5bIIvbeVvtAZuG
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2