gcleaner | aac98fd8f667b58ae3d47c4198612e0896236a39191dfcf79fd430ec7687039e | Triage

Sharing

General

Target

43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3.zip
Size

204KB
Sample

230311-s89rxaac45
MD5

5061115c09a67142bb60246ded930744
SHA1

4152fdee1b4980a90e8433cc492b5d763a4cb4aa
SHA256

aac98fd8f667b58ae3d47c4198612e0896236a39191dfcf79fd430ec7687039e
SHA512

fae492d04d8e3755bd32f089e05e5dd4247b2c0c413352c47cda70ad1f75a8613e137701a920aa3337e10ac285e1340564c0d03f97bd1e24b169ae626195c1f2
SSDEEP

6144:t4ntH28gHq8abGb4mSFqbYOx8xDLObuA6+2ppEX:t4ntW/HR4mSFqUOx8xvd3+2pGX

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3.exe
- Size
  
  331KB
- MD5
  
  2cb08ca754964460e0c6d81e1250c974
- SHA1
  
  7f62b1284addc0f579b2ca240352027711d021f0
- SHA256
  
  43c684cde21885bd1a7add14846c6ce0ab374a6ff7163b655ec80186620770d3
- SHA512
  
  c00361862d1977e1a591a0a2ef21bc35aee37a97ff55ecffeb632a850000456613d497fa76e23a7e676473fd9a4bc325a0443a7bcf95fda512e3a08e314785ad
- SSDEEP
  
  6144:H5XlqHQCFVZqVFbFso4D3N/B3yoGkaFtZWfdW4TE3v1144C0K:H9sHQCFVQVFb095CGaFtZ4dW1cn
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2