gcleaner | 65739956328d7f12411f568fd83ea6c7ae1641fdf1c6dc450cc2c78c8242677b | Triage

Sharing

General

Target

65739956328d7f12411f568fd83ea6c7ae1641fdf1c6dc450cc2c78c8242677b.exe
Size

343KB
Sample

230405-m5y84sfg41
MD5

8deb97fea5fce1be5570f57787a8c21b
SHA1

3a1a111c133fdcd15cb1ae4ae8e626284243cbd7
SHA256

65739956328d7f12411f568fd83ea6c7ae1641fdf1c6dc450cc2c78c8242677b
SHA512

75d2a77cecc55085cabb8769f2c0bb40531b6957061c9b3887a1bee4a2ee343dbad6cc7781829dd9de229eb281c1dabae7fe4ea831ca34b7ddb784dcc875c5e2
SSDEEP

6144:P/PL7GU5lXYN9igXC+4CqJMe7YIe3Qg2:f3GU5lXgFXC+esIbg

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  65739956328d7f12411f568fd83ea6c7ae1641fdf1c6dc450cc2c78c8242677b.exe
- Size
  
  343KB
- MD5
  
  8deb97fea5fce1be5570f57787a8c21b
- SHA1
  
  3a1a111c133fdcd15cb1ae4ae8e626284243cbd7
- SHA256
  
  65739956328d7f12411f568fd83ea6c7ae1641fdf1c6dc450cc2c78c8242677b
- SHA512
  
  75d2a77cecc55085cabb8769f2c0bb40531b6957061c9b3887a1bee4a2ee343dbad6cc7781829dd9de229eb281c1dabae7fe4ea831ca34b7ddb784dcc875c5e2
- SSDEEP
  
  6144:P/PL7GU5lXYN9igXC+4CqJMe7YIe3Qg2:f3GU5lXgFXC+esIbg
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2