gcleaner | abbc1acb8e317fd76620190790b1137b6bc1122718954470fff52cc1e0e3b2a5 | Triage

Sharing

General

Target

4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508.zip
Size

203KB
Sample

230310-njkn9sfa71
MD5

66353797e7316af1aab46fc1158756e8
SHA1

8806d644d88f1df3ccdc9358ebdbaddc71a0ddc6
SHA256

abbc1acb8e317fd76620190790b1137b6bc1122718954470fff52cc1e0e3b2a5
SHA512

b8fb014b4fc02a3fa72561145ab5ff687440688f88ca8e36d4e8db92954fdbfdb50c2de653019488d44f0ce271e231f5696c67b7fcec78793f08f92f16a90e72
SSDEEP

6144:JzzuWz0jMO8L/AUaOl3L7f/UFNXS5Wm4IToidp:sb87AUJ3LTMNXSOITHp

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508.exe
- Size
  
  276KB
- MD5
  
  d554d767e490e4a920b0efde009c1ee2
- SHA1
  
  685f5852949a32832eb38314a699b7697550ad2d
- SHA256
  
  4b0e4fd6806fe1cd9dd277211a3aa9ab0510a3795355190acf8a84f6a2e5a508
- SHA512
  
  5643111c5370d9afdc677ade1e168bfd90ff0f518ad6d680c5b053336df7e88a20e34efd03352dda53931b0d87bcad484184036a7a9af8e4aa6927082862d888
- SSDEEP
  
  6144:IzaompYs/FnG2Hq9h8GE2u73uySVApc+:uEYs/hG2K9hjeSK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2