gcleaner | 9878225ece1bd66b2fc3063fa4ee3c23d083b72d55585eeb87589b4ef58ca720 | Triage

Sharing

General

Target

b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031.zip
Size

205KB
Sample

230310-m2jn9ada24
MD5

6d3d05b4bb39bd19a98ffbe91b80f256
SHA1

b3efadd0fe28ffb5d6890b6eb4c984a02e37f0bd
SHA256

9878225ece1bd66b2fc3063fa4ee3c23d083b72d55585eeb87589b4ef58ca720
SHA512

192ab385bbb448a64dc001865f905ffe7a531fb7b662f99c6c1124345c7f553e8b43e056b49634a660e8bfb59b89070ae024be969cb1824b8cdced8eb4fa4d6c
SSDEEP

3072:MY09wqqyoGBJRM36AG0amzYuwXJYCEnVzfg3LLSxkP0UyZYu8JWxRhJVqID:G9wUo0JR+ZLa4YujCEVy++cRZhr7V5

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031.exe
- Size
  
  270KB
- MD5
  
  5c82f9d43748af8b52b4d11ea71cb323
- SHA1
  
  51ecf6fc4f4e13f1a7634ae2e09b0ef3549a5be1
- SHA256
  
  b024a39550e5668bff7fe4d1cacb83c770c7b21d1b5a52bf81acb847c7414031
- SHA512
  
  a239232cc62cafc258ea1617b5a0364cf4d7f12b95e277cb486136f50d3666948923581c48e7762789d2c32941a225a9d55184d0cee311e84d320d57e16e42eb
- SSDEEP
  
  6144:Bpr91XKOC5bWr/gvbh4XcqXft+hCmaX/uqt:BTxjC5bIIvbeVvtAZuG
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2