gcleaner | 87b5b85d4012bed6eed16f45775e00f32063652e2509a809ff00c6087c3c7f66 | Triage

Sharing

General

Target

87b5b85d4012bed6eed16f45775e00f32063652e2509a809ff00c6087c3c7f66.exe
Size

375KB
Sample

230405-m6abdadg89
MD5

3bad61d9d63393604c727deffc6b5160
SHA1

1cdc8045e990ee7aa86c590b3861bd0d19d997e4
SHA256

87b5b85d4012bed6eed16f45775e00f32063652e2509a809ff00c6087c3c7f66
SHA512

23fc23cffb79bdafb95b57d7f864489643b8dbdfc6f04605fa4e2e335e2b939645abbf718338cfe0913617a39164781e1718e20de544db607d7ba044b9f7bb54
SSDEEP

3072:s2X6pSLF3JH5z9ZE3pTqxIblSi2eIC4MYM4I82GP5Lwwxm+31+WANgth3Slo5R78:FL/ZzELadMLEzxlciSlG6u6b4e

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  87b5b85d4012bed6eed16f45775e00f32063652e2509a809ff00c6087c3c7f66.exe
- Size
  
  375KB
- MD5
  
  3bad61d9d63393604c727deffc6b5160
- SHA1
  
  1cdc8045e990ee7aa86c590b3861bd0d19d997e4
- SHA256
  
  87b5b85d4012bed6eed16f45775e00f32063652e2509a809ff00c6087c3c7f66
- SHA512
  
  23fc23cffb79bdafb95b57d7f864489643b8dbdfc6f04605fa4e2e335e2b939645abbf718338cfe0913617a39164781e1718e20de544db607d7ba044b9f7bb54
- SSDEEP
  
  3072:s2X6pSLF3JH5z9ZE3pTqxIblSi2eIC4MYM4I82GP5Lwwxm+31+WANgth3Slo5R78:FL/ZzELadMLEzxlciSlG6u6b4e
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2