gcleaner | 18488d4d0c555096f88972d08c2765b8021b39bd698db9f78370b9dc7bfdecd3 | Triage

Sharing

General

Target

5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f.zip
Size

238KB
Sample

230310-njvjgafa8v
MD5

4e8c2896a7635907bd47629792215b6e
SHA1

6c291b839fda2570b1bc3bc3521bb836d95e3e72
SHA256

18488d4d0c555096f88972d08c2765b8021b39bd698db9f78370b9dc7bfdecd3
SHA512

62555fbbd98796d889bb99c8953a1c521ac3a6381b641c4e9d753f018bc71cfa1ffef9bef72cf74f53ebbb572e6dfc4d4cfee41d6e006bb2019e03a43cbda369
SSDEEP

6144:SEA44lraT1aqyUyNn/T9W7hEwvGD8Sq8sHHSkkq:V85ap9yUy9IjS8ZBH1kq

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f.exe
- Size
  
  389KB
- MD5
  
  4f91267891bbcb4d8800ece961d93f42
- SHA1
  
  facb2ec17ee80ec70a9c2072ff895e9070d5bdc2
- SHA256
  
  5e0687c0c3822213bb9710c1499e6b57d87bbe12285dbf059fbb4750294c070f
- SHA512
  
  aa08542e4d71e3810b0e742276033d096ef4756e899874ed48585c2be52d1f4d579dbe932bbcf3b144a62c10ea59a155e3ca502edb43adfac72312d28f3eabde
- SSDEEP
  
  6144:mkArCLEiyQEw4fhXgdRbAFBr9eTRN4PzEk+S662w0:myIiyQFIh5K47pJvR
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2