gcleaner | 25a2a5069c502b7aafebbdf26a2d80225774f39f537f2d1b03e3099300d6b3f9 | Triage

Sharing

General

Target

411e9fea926f54e6c213adeedc05d03e.exe
Size

311KB
Sample

230401-g4bhrsgd62
MD5

411e9fea926f54e6c213adeedc05d03e
SHA1

c284cc7f373e9e512b8e8a0b5e127e5959b09eec
SHA256

25a2a5069c502b7aafebbdf26a2d80225774f39f537f2d1b03e3099300d6b3f9
SHA512

91fa1f6128b5aafb84f5dd8dbf13f84a2e35fc04212a6f1a358fa505cf9f1fb0f34973e002e91ac9dc41c19c7bdab0cdf9eddb08883271dde57b2baecca278e9
SSDEEP

3072:3vbbKTou4/uz4jtXl9aYWRF6s8cEv5AWXIwtzIzEP1jq/9RovU46QDTY/+lHViv:kN4G0jt88DuWYwd1jqzovp8/6EzzHpK

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  411e9fea926f54e6c213adeedc05d03e.exe
- Size
  
  311KB
- MD5
  
  411e9fea926f54e6c213adeedc05d03e
- SHA1
  
  c284cc7f373e9e512b8e8a0b5e127e5959b09eec
- SHA256
  
  25a2a5069c502b7aafebbdf26a2d80225774f39f537f2d1b03e3099300d6b3f9
- SHA512
  
  91fa1f6128b5aafb84f5dd8dbf13f84a2e35fc04212a6f1a358fa505cf9f1fb0f34973e002e91ac9dc41c19c7bdab0cdf9eddb08883271dde57b2baecca278e9
- SSDEEP
  
  3072:3vbbKTou4/uz4jtXl9aYWRF6s8cEv5AWXIwtzIzEP1jq/9RovU46QDTY/+lHViv:kN4G0jt88DuWYwd1jqzovp8/6EzzHpK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2