gcleaner | 47d8f6afcc2182f5af9398fe971e42a5b2dcc08506fd0d69ef0b938615e7d488 | Triage

Sharing

General

Target

ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9.zip
Size

203KB
Sample

230310-m2pv9sef9t
MD5

dd200f975c0eb4cc6f5ddf433b0abc98
SHA1

701069ddeca3f64828ea460b1788955e1b38aee7
SHA256

47d8f6afcc2182f5af9398fe971e42a5b2dcc08506fd0d69ef0b938615e7d488
SHA512

12dbb74088c0858e36d73fda9e9f74c252ec46b485e81291ce65f0c21a5683f5b0c24311c27464089dbb565e87f1f6766110d91c0dee97b73a278f490a0b6c7e
SSDEEP

3072:gYpHrMdKicD/HdLjIk5w6T6A79rw4BFkgTDydSrIZkQXD+kXp5/+ZJU0:g2odWD/HNjjT6E9MOFkgqS6kW6keJU0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9.exe
- Size
  
  264KB
- MD5
  
  eea01ea8e153688c3526ba719db41e4a
- SHA1
  
  cd618f3d4988e1eb4927b3586a45654954e9e8b4
- SHA256
  
  ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9
- SHA512
  
  887b28fea13daab34bea6ee8b34dff8b9e8559879a426702ab140bc240f2d0aeaf768fdbd303a6de137dc8abffa222d2537669ee0bddc4c438605a6fff44acd4
- SSDEEP
  
  3072:O/rtOYPo98S5fAlHfu6ctbqYX18hvgJrv2Tk+CQK1iCrvnAbUeypMs+okF:DMoaS5DSo72AX+CrvAQgs+h
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2