gcleaner | 343dd59523f02e282a83c336c051e6902d3b5a3c2d5f9de628d7b5fefb61c8ae | Triage

Sharing

General

Target

bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5.zip
Size

208KB
Sample

230311-s89f5sca9w
MD5

19381a672b9559dcc377a8260bf62cae
SHA1

7693682182e98f44dedd02890584c5558f0a036c
SHA256

343dd59523f02e282a83c336c051e6902d3b5a3c2d5f9de628d7b5fefb61c8ae
SHA512

e924d1fc32fb2639a4b3bfbb93655f224d2059a893aae1e4bbd6be5e8e738bff4ac5768038050ac4f8b5f27431d0646700a5abed384a8b8a32c56009238cdf88
SSDEEP

6144:K+gK2cs/8BpbqIufBu/rllPVK1mm5xZ9B4rPC:K+gKS0BmfBu/rllPVK1ma4ra

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5.exe
- Size
  
  273KB
- MD5
  
  bd6da92bd52d003123cbc4759dec1002
- SHA1
  
  9dafebf9cfdc15cd54c56b767b07b0d7944d1f92
- SHA256
  
  bf1da988e71f4e6b5aa9ad169d1637ac47ac43b548fdb1173733922d620572c5
- SHA512
  
  9c7867046c173643f150a322a95f830c0a04c2bc50b72925ffb87dbf11188d54d3152d855e6741e3b107f0c92dc9e037e421d531ad2921226fe0b71042ede302
- SSDEEP
  
  6144:BqgzUOOHyHYY9CU3v/fQ1Buu48mVUKfm8XZdpqRI:BqgzyyHYY9CU3v/EBuu48iUQXAK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2