gcleaner | bbeadb2a2f970db6258c206717d09e92bdced2c7edf3c449332d2818e4085953 | Triage

Sharing

General

Target

4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508.zip
Size

203KB
Sample

230310-m2l5daef81
MD5

82087ae2b0f7167eaf6c5116f70dd036
SHA1

c5f1c73475c9cb08488eb19b7ac0998fa689202c
SHA256

bbeadb2a2f970db6258c206717d09e92bdced2c7edf3c449332d2818e4085953
SHA512

133a0d9ac94e00c04aab61cebc63b6e6465b0b704455f578945635bc2e3c9f34b1d8c373c67d956b236264bf7d7281227b442e687048db3676b41a290963c518
SSDEEP

6144:aKb3nnNfu147b8+mB6YREJMv2aVrKm/Ri9komlTHNG:aKpW14P8hgYRD2aVrKfk5BtG

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508.exe
- Size
  
  276KB
- MD5
  
  d554d767e490e4a920b0efde009c1ee2
- SHA1
  
  685f5852949a32832eb38314a699b7697550ad2d
- SHA256
  
  4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508
- SHA512
  
  5643111c5370d9afdc677ade1e168bfd90ff0f518ad6d680c5b053336df7e88a20e34efd03352dda53931b0d87bcad484184036a7a9af8e4aa6927082862d888
- SSDEEP
  
  6144:IzaompYs/FnG2Hq9h8GE2u73uySVApc+:uEYs/hG2K9hjeSK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2