gcleaner | f5fc81b7f341f813d8ed29f293c0d65cc266f3d6ddec7db58b06115993bb642c | Triage

Sharing

General

Target

8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5.zip
Size

208KB
Sample

230311-s8za6sac38
MD5

1bde32987805148c013164424b7119bd
SHA1

eeea0546c86b1dddb5cb90ba33d70c4f43f13fe5
SHA256

f5fc81b7f341f813d8ed29f293c0d65cc266f3d6ddec7db58b06115993bb642c
SHA512

77774693f695530af2c384c818abc91c33ce40fdfdcd7a437eaa636e7ae7c7e48b1709dfc4d085534bdcffbd6a7fa2f5b820ce0193e4654a7eb85ee1db9f2bc1
SSDEEP

3072:2X5KswlQ4eWfRcJrN3gEN4hu6E8OdnO6KajSa8YkDuSp9BE6L6kaKvZcJ:2X5KxSP5gfE8oO6KKY9DF/+6LJa2uJ

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5.exe
- Size
  
  273KB
- MD5
  
  bfe0a34bb6494a9b1e866efe97ccd11b
- SHA1
  
  2222524e5bf603c3166ed445ae5f94f2ebe1fc6e
- SHA256
  
  8a2ed465f876e200314451371c46e38ddb7dae622efe7f60bb7d58d9291651d5
- SHA512
  
  9520cace14670c5aff3fcad7476c231d04b4a8b152f0af12cabbcc1a4947ca9007a2a65e3cf010e9a6dfd0f2388cc58def7d8e28338c3f516c0733613e28111c
- SSDEEP
  
  6144:5qgB6W89GHqzCzKDJUF3sIcqZi5WZbvEeTqa48Hd/:5qgB6bGHqzCGUF3niUHz485
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2