gcleaner | ec078afc81fa56ec6282d5645e584a1b009fb69d86332ee340cea66aeb60b830 | Triage

Sharing

General

Target

ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9.zip
Size

203KB
Sample

230310-njvt8sdc77
MD5

4478e8f366d3dc2f3ca613957d431fdd
SHA1

ede032bfa0b0fe2c8eb7612327bf8e73a3e663db
SHA256

ec078afc81fa56ec6282d5645e584a1b009fb69d86332ee340cea66aeb60b830
SHA512

584c88e6845bbda82b48e48f0b724339780b455a160ddad226e6a68a3c889d18c3c848289d24d75574f51006a3e855345037a740032f6e598d5b49d56555a3ca
SSDEEP

6144:dkdUtTLcwiM+ZzjSy5MiCQPcG8+07foV3twxHPSYfMKduC:idUZ+VtCd40LoIfMKz

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9.exe
- Size
  
  264KB
- MD5
  
  eea01ea8e153688c3526ba719db41e4a
- SHA1
  
  cd618f3d4988e1eb4927b3586a45654954e9e8b4
- SHA256
  
  ec4a3b4195a3e96b2368b55ebb4c3c64e07a2d84e8f5b8a501b0547473ebf9d9
- SHA512
  
  887b28fea13daab34bea6ee8b34dff8b9e8559879a426702ab140bc240f2d0aeaf768fdbd303a6de137dc8abffa222d2537669ee0bddc4c438605a6fff44acd4
- SSDEEP
  
  3072:O/rtOYPo98S5fAlHfu6ctbqYX18hvgJrv2Tk+CQK1iCrvnAbUeypMs+okF:DMoaS5DSo72AX+CrvAQgs+h
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2