gcleaner | f5aa91ba06cff3fa8c6c98e3c64135a8ba43d0cc389bfb4cee09768267358713 | Triage

Sharing

General

Target

6f09a1d30715544623eab7c311813fab28fe4b31068960263ccd7ff5812edb14.zip
Size

232KB
Sample

230311-s87ybaca9t
MD5

a2738c83496c92b28f080f81e7404282
SHA1

d3f258994adb37b7f1f98535b86ac6bb29e78772
SHA256

f5aa91ba06cff3fa8c6c98e3c64135a8ba43d0cc389bfb4cee09768267358713
SHA512

d5696dcfd00a07f8c7a027e73324c389ca84512ba2491db2bdc1b60be77322f2d79c48cf1ec73f49f2ce3d3c29fc931faabdc7e9dd19f3c3184daf4fcd514851
SSDEEP

3072:ogQc5p1t4Qlt2wzmU6BA0tLPeUG7t89rQbfVKyoT80Zv+CvuShjX67a79:Xj7hcA0ze96rQJLS5+CWSN67O

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  6f09a1d30715544623eab7c311813fab28fe4b31068960263ccd7ff5812edb14.exe
- Size
  
  378KB
- MD5
  
  991b4e2195f816f478726186e82dd1ea
- SHA1
  
  9ed50806a3e0a9c5f0d76457ccc7369d1fc4e09c
- SHA256
  
  6f09a1d30715544623eab7c311813fab28fe4b31068960263ccd7ff5812edb14
- SHA512
  
  97e449a9a443ae686b7e977a4674fb95194a9f525bfa911e6b2a0d52740441f36284f1b952289a37908079a31f26505f0f16335e44f6ec26e578756f72b40452
- SSDEEP
  
  6144:C3vILLyDwfzf6aokbVFXH8caFnWi7iDEq/F0sJX9l:/eDwbf6aRj38ei76EqLJ
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2