gcleaner | bd9c3cc80e6627d40b443ce3bd4d4914e4bfaa79ab36ad63cf9aab6f19187c71 | Triage

Sharing

General

Target

efae384fcbecbe561ae78555645c7eb4cf49bad9a3af6204b584b3572d18fd5c.zip
Size

277KB
Sample

230321-qrffmaaf47
MD5

83ad86e4bd0816253e859a7ed7b62731
SHA1

df71740ea9e03df6f588cafab1f59aecfc533ce9
SHA256

bd9c3cc80e6627d40b443ce3bd4d4914e4bfaa79ab36ad63cf9aab6f19187c71
SHA512

c454891ec462c1d3cec7ae4e61d258f00e2403f52b18e83b232873905b557cbc10a9da316e4e6f6fff1d9c3da78b65454e9d8c419f956196b731db98e19d4f96
SSDEEP

6144:KhehFjNk8mvjO5xarj8wQbZHETanDYGTJ6QFFEnH/9mU4T:KinWO58rj8TJETaDbd6QTEn8ZT

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  efae384fcbecbe561ae78555645c7eb4cf49bad9a3af6204b584b3572d18fd5c.exe
- Size
  
  382KB
- MD5
  
  0b210149771c6be2ed5b6b35a5cce602
- SHA1
  
  0eb97fd3876ad888b1a9c6eae468ff607a3cf6d3
- SHA256
  
  efae384fcbecbe561ae78555645c7eb4cf49bad9a3af6204b584b3572d18fd5c
- SHA512
  
  82d1871482bd12cbfa280faaafb1714ad52f6eed816584503583a3d6954e121c019c31f1414dd7c0ca23b081e63f8cf79e6b9766b7ad814aa3f6bb90fac29799
- SSDEEP
  
  6144:De/8LygqoByTolrDZkS/C12BZphqoLZ4PUyym3wVLvuVNG23BO:DQ8WgWopZkmCkZphqo2PUyB3wRGV42
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2