gcleaner | 791f0d1a573d088cb943e4154bc9da5978d28ef17d1ce1e3197a34449319a49b | Triage

Sharing

General

Target

15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0.zip
Size

205KB
Sample

230310-m2pkhada29
MD5

2afb714ceaeafb0669ef70620425b675
SHA1

034181cdeaacbc021fec059981520f0017a7e022
SHA256

791f0d1a573d088cb943e4154bc9da5978d28ef17d1ce1e3197a34449319a49b
SHA512

6bf7d5fd787fbd6ca3bec208ff216124a4c1463747cffda7c2e00140140dc7ef60a6b16356f52ef7126e4aa4e684dc492355d0dc170582113b1ca8015b759a3c
SSDEEP

6144:eA6OEOpzg2Uz19YzEDzWXJzNmf1mw20vUh1w:eAPjgp19Y6w0Qskw

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0.exe
- Size
  
  270KB
- MD5
  
  a7d2eaf84e08f5316ac1697bbbd00e06
- SHA1
  
  05b3c914bd54988ce786b39cdc13814d10ef48ef
- SHA256
  
  15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0
- SHA512
  
  aa24224e1bdc0255023ac467549de1bee15dad7538e3b56d5db20bbaf03f6f8e8b74b95c3a72e1274eb58a853d88a0b7cf5227b486f727d931af0cf229b0471d
- SSDEEP
  
  6144:bbXn4tN/SsGQdxxZdQUV3ruDSsetMF8wV//eA3G:bT4tN/SbQ3xPBKGsBZ73
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2