gcleaner | 8123a9be56fc060e23f0e5300c0d5a8661db98cc7cdcab6c5f40fbc054fa51c9 | Triage

Sharing

General

Target

8b98ab7c2c0c1b05603f3e9c580c0f71e9f6737f3d5a99d4777d945b14d1e67e.zip
Size

220KB
Sample

230311-s79eraca8w
MD5

e81555e23af2dd0b2a943c5c8adda295
SHA1

9bd9599eed34beaf354e02ec71bd912c01b3f686
SHA256

8123a9be56fc060e23f0e5300c0d5a8661db98cc7cdcab6c5f40fbc054fa51c9
SHA512

51b9c5619b1eaf62af8d6e0ddf38b7abd4d467d75631dfdd2f73159eb8a0c48190fd2ebfe02a9013373915ece93e9252f629747f0b49158e77b2b43edbc66782
SSDEEP

6144:3Tcu6ClrdGD3UWhSMNd4BA/fjkx0aj1Y/rOL1IdO:LlJOUMr5Au81QSp

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  8b98ab7c2c0c1b05603f3e9c580c0f71e9f6737f3d5a99d4777d945b14d1e67e.exe
- Size
  
  286KB
- MD5
  
  c2b789418aac48cba417fb716c3fd796
- SHA1
  
  3288dfa064922855033d35fcff773dc1a03e4ff6
- SHA256
  
  8b98ab7c2c0c1b05603f3e9c580c0f71e9f6737f3d5a99d4777d945b14d1e67e
- SHA512
  
  ae8c7d90de615b6ed54c37daafbf8828e48f158a8bd700fc0353b794bc5e0aca921593c5b645c125adea548e91a4da69e4be81083cd0a16dcc0d242cbfa3268c
- SSDEEP
  
  6144:ofkEUIzKUzqKjPvwIpUKSCNxDGD1BmH8d8xXj:ofkT29zqKjI0S4AeASXj
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2