gcleaner | 3d7006311346e0a54f609b1ce3a6c3af8ba7499ca3ef8e7495544e4e8726b611 | Triage

Sharing

General

Target

b4a0890b7b896b28d86af7c066ce54f9a9f51e17fc7e78349a1ceee92114f522.zip
Size

205KB
Sample

230310-njxntsdc82
MD5

3946315360edf4544f2f1e2727302795
SHA1

f582d93bc5c8f9755c9759f46d964ccd68127e3f
SHA256

3d7006311346e0a54f609b1ce3a6c3af8ba7499ca3ef8e7495544e4e8726b611
SHA512

8d892b9d95ec527077f108f38f2715f02ead8cb5827b584f7fdc090bd3232199922f20c852477a0428ff52d23aacc4d0db17b3b8688afb607c5f923f047f895d
SSDEEP

6144:kWdzHTuE9/WghgXyKX6o3ZI0x0HLrhJsovs622rXP7:kyHv/WB1qW+rhZsvQXP7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b4a0890b7b896b28d86af7c066ce54f9a9f51e17fc7e78349a1ceee92114f522.exe
- Size
  
  332KB
- MD5
  
  be8060c6a8398acadab32498f98f5556
- SHA1
  
  e759f4222f13d900ba19a2c7fc911a9dcd8a0909
- SHA256
  
  b4a0890b7b896b28d86af7c066ce54f9a9f51e17fc7e78349a1ceee92114f522
- SHA512
  
  3f649fb726039bb4ff4ed3186de7141c1b3ad0911f6ea7fefef0fef3f08abefafa70faa870a6b9eafbd5f3ab58dfb45be165ed52f87ede1155fefbab4ae4d6ad
- SSDEEP
  
  6144:QVXnCBimgu6LoCECJQv/zox+ePEczZ+mWdZe5+wOC0K:QxCBim4dECy/Ex+enQZXw5n
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2