gcleaner | 3188c45935de23011d7e4df6b1ea0b97e44f570093aceecbb33ed0763ca67a75 | Triage

Sharing

General

Target

15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0.zip
Size

205KB
Sample

230310-njvt8sfa8w
MD5

dbe7f5440ac7727a5b8156da8b0f45c0
SHA1

b876fed2b9e61bcd5425610788ee0f7323c9192b
SHA256

3188c45935de23011d7e4df6b1ea0b97e44f570093aceecbb33ed0763ca67a75
SHA512

08e2ab9301a6243afd47b04417a32bd144b48d05760b3343c3b5139fede4da5eeb47c07d2e850c091522050537a5f94502efa77cfbf80ae2b988d5b8d14e3b0c
SSDEEP

6144:ppmVqrlXdI4zPf2mqHKCyKmsJ4F62YDYqGf:ppmVqlb329H9qsJ4F62yYqQ

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0.exe
- Size
  
  270KB
- MD5
  
  a7d2eaf84e08f5316ac1697bbbd00e06
- SHA1
  
  05b3c914bd54988ce786b39cdc13814d10ef48ef
- SHA256
  
  15e8fbd7bf5a5f967c87deaeff5389b9409bdc51a0d75c55d765b2e1b99d9ba0
- SHA512
  
  aa24224e1bdc0255023ac467549de1bee15dad7538e3b56d5db20bbaf03f6f8e8b74b95c3a72e1274eb58a853d88a0b7cf5227b486f727d931af0cf229b0471d
- SSDEEP
  
  6144:bbXn4tN/SsGQdxxZdQUV3ruDSsetMF8wV//eA3G:bT4tN/SbQ3xPBKGsBZ73
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2