gcleaner | 430356796b9d5900277a024b887d8f4153fcbe2cd49e7cb4791a4c1b1eb8e914 | Triage

Sharing

General

Target

c539e1b35b57d8924a24e156bfcc7975.bin
Size

223KB
Sample

230402-cfdwrsfd6x
MD5

6747551f0226824d95698cd110f39099
SHA1

089ca67bbec47ab77e0ec831eed75129ce631c8f
SHA256

430356796b9d5900277a024b887d8f4153fcbe2cd49e7cb4791a4c1b1eb8e914
SHA512

78da6e8a6833d4ec76063fb6d33c2fe6e0309837596b3d270441122ea50eae77c0db9eb58717c2f428f1ea352d0b90efcb084304bed31fbc3f1c439f98d13d2c
SSDEEP

6144:O8sYx34ETq3wSbx7SWTBuVqWDgNVR4fp3GzaWljbjkMW7FIsI:X3x3V8t7SWTBKNcmd0Xfkn7Fq

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f.exe
- Size
  
  286KB
- MD5
  
  c539e1b35b57d8924a24e156bfcc7975
- SHA1
  
  41be2de44376f7cc477d9213867f288702fc9a8d
- SHA256
  
  ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f
- SHA512
  
  8019d2e229244e74228fc1dbe1ac0a21eca864ab355e70ac54c29959c31f12511883f5ea218e424e81cb511183e7fabbe0f3bc87c9d3bd7436bfe42c58ee56b9
- SSDEEP
  
  3072:PpyvhHX7mjjOOM+WCBSi1pm64MlT6pb7gI7DOr2mntlMwGiphVBVda5MWaOiuCPg:xSCjvhbmWlQ7PyztHphna5DRiuIq59P
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2