gcleaner | 995217d74a396e998546e4a9c5127900d423b4c9c349b5f9f8dba898b7fa139f | Triage

Sharing

General

Target

94551b68fcb65d49a5d1d29a0dba5ec3f2e98252fef337a4fba2416ecb8cea76.zip
Size

218KB
Sample

230311-s75rkaac27
MD5

62d17613733fa13fa3a9c4220a092b15
SHA1

d061b347bc68a28c5ed900bb3cc25b69b3ef6b4c
SHA256

995217d74a396e998546e4a9c5127900d423b4c9c349b5f9f8dba898b7fa139f
SHA512

e7dbb025fcea94d19755f64eac4f2f87aeee301d15a6eb668c86e865441adb00d2dc5ee3c356d46b27509395859bc0e8dc62651afbd530fc68be634cfacc899c
SSDEEP

6144:asQWH5iNe8B0J3EKU+kp2y+B7duQHLi4B98:0Qkkm0J15wf024B2

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  94551b68fcb65d49a5d1d29a0dba5ec3f2e98252fef337a4fba2416ecb8cea76.exe
- Size
  
  280KB
- MD5
  
  b5d2845d8527d553115463d631b1702d
- SHA1
  
  b63b39d1b3d2f477f965b460ebc05e765450723c
- SHA256
  
  94551b68fcb65d49a5d1d29a0dba5ec3f2e98252fef337a4fba2416ecb8cea76
- SHA512
  
  08fc0ba5967ecc8ff3b4442d59666913b0b704d8e172d34545ac6afcb9b041f93e30f807dd240d6baa76fc2ba56c2a825e6d27bbb755c0cffb841878d2174b08
- SSDEEP
  
  6144:ZOLRv3eI/62feWK3az1MbbhOXXASgyA591:k9vf62fS3MSbgndS
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2