gcleaner | 28a518d58bc9de87f171107b5c69fcafc13568cf01badf750312f44369e99eb1 | Triage

Sharing

General

Target

9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4.zip
Size

220KB
Sample

230311-s75rkaca8t
MD5

e127da70e79991369b57a1710f539674
SHA1

717ef2f2b7ffb23a2363c1d3184ffc464f0a2f0f
SHA256

28a518d58bc9de87f171107b5c69fcafc13568cf01badf750312f44369e99eb1
SHA512

4cba3ca91a2ecccb14f28012e13050267a9656e4ced80850e427cd557d146f828ac96210a1cf02dfb25db9eda59954eccb17d35c9f67d04a459917e8003cd91a
SSDEEP

6144:F9iFJ8WBcc8NxH8AYUbSHup43/zG34T4OEiDKeCo:F90L8sAYUbKyITlDh9

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4.exe
- Size
  
  286KB
- MD5
  
  67215a65f0750a47be8239b1f0e52ccf
- SHA1
  
  c3e13bd46d93894d74fddfda1586dfdcffd836a0
- SHA256
  
  9654564e437afa4a9cfb133343e379c8c3c69f53f5b81f4cf2425c9cb9a487f4
- SHA512
  
  c11861b1c5fdc480ea154c1e5c4e22a590c99f6714541997e536dfa485ed82532a5d6387bd40383aae3a8d3f86f060f96af47f6db3b4d929dba097db53b66d42
- SSDEEP
  
  6144:9af5UIKNEUtGWCZxD+WQ6WAc+BziMBXn/tz/JExFFtj:9afCvNntGWU1+sWAJ1RJEFtj
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2