gcleaner | 4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508 | Triage

Sharing

General

Target

d554d767e490e4a920b0efde009c1ee2.exe
Size

276KB
Sample

230308-ydhmtsff21
MD5

d554d767e490e4a920b0efde009c1ee2
SHA1

685f5852949a32832eb38314a699b7697550ad2d
SHA256

4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508
SHA512

5643111c5370d9afdc677ade1e168bfd90ff0f518ad6d680c5b053336df7e88a20e34efd03352dda53931b0d87bcad484184036a7a9af8e4aa6927082862d888
SSDEEP

6144:IzaompYs/FnG2Hq9h8GE2u73uySVApc+:uEYs/hG2K9hjeSK

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  d554d767e490e4a920b0efde009c1ee2.exe
- Size
  
  276KB
- MD5
  
  d554d767e490e4a920b0efde009c1ee2
- SHA1
  
  685f5852949a32832eb38314a699b7697550ad2d
- SHA256
  
  4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508
- SHA512
  
  5643111c5370d9afdc677ade1e168bfd90ff0f518ad6d680c5b053336df7e88a20e34efd03352dda53931b0d87bcad484184036a7a9af8e4aa6927082862d888
- SSDEEP
  
  6144:IzaompYs/FnG2Hq9h8GE2u73uySVApc+:uEYs/hG2K9hjeSK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2