gcleaner | ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f | Triage

Sharing

General

Target

c539e1b35b57d8924a24e156bfcc7975.exe
Size

286KB
Sample

230331-1cfsyseh51
MD5

c539e1b35b57d8924a24e156bfcc7975
SHA1

41be2de44376f7cc477d9213867f288702fc9a8d
SHA256

ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f
SHA512

8019d2e229244e74228fc1dbe1ac0a21eca864ab355e70ac54c29959c31f12511883f5ea218e424e81cb511183e7fabbe0f3bc87c9d3bd7436bfe42c58ee56b9
SSDEEP

3072:PpyvhHX7mjjOOM+WCBSi1pm64MlT6pb7gI7DOr2mntlMwGiphVBVda5MWaOiuCPg:xSCjvhbmWlQ7PyztHphna5DRiuIq59P

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  c539e1b35b57d8924a24e156bfcc7975.exe
- Size
  
  286KB
- MD5
  
  c539e1b35b57d8924a24e156bfcc7975
- SHA1
  
  41be2de44376f7cc477d9213867f288702fc9a8d
- SHA256
  
  ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f
- SHA512
  
  8019d2e229244e74228fc1dbe1ac0a21eca864ab355e70ac54c29959c31f12511883f5ea218e424e81cb511183e7fabbe0f3bc87c9d3bd7436bfe42c58ee56b9
- SSDEEP
  
  3072:PpyvhHX7mjjOOM+WCBSi1pm64MlT6pb7gI7DOr2mntlMwGiphVBVda5MWaOiuCPg:xSCjvhbmWlQ7PyztHphna5DRiuIq59P
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2