gcleaner | 9b6bf6b18292879d45cbd5ed83ac14f088484299fcdcf5d382a2acf5e6887131 | Triage

Sharing

General

Target

9b6bf6b18292879d45cbd5ed83ac14f088484299fcdcf5d382a2acf5e6887131.exe
Size

3.1MB
Sample

230405-m6lpeadh76
MD5

1764990523d5dd6c063275abde06d3da
SHA1

fed5a57022bf7e25b5008b85b249c1046d28f6d0
SHA256

9b6bf6b18292879d45cbd5ed83ac14f088484299fcdcf5d382a2acf5e6887131
SHA512

b5f3aee2ef8e815ce20a0fa0ace3a1b8cedc6e01b9f0305702b619c6eb98e263c85c756b10869ada7b010ff5e25235d1cdd582a11b2656917cc37874afb0e9e9
SSDEEP

49152:amlQxq/9pIzOIlZKfB0rDM0GXCQuSJHC8zV:qc0l8WrzkCQugi0V

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9b6bf6b18292879d45cbd5ed83ac14f088484299fcdcf5d382a2acf5e6887131.exe
- Size
  
  3.1MB
- MD5
  
  1764990523d5dd6c063275abde06d3da
- SHA1
  
  fed5a57022bf7e25b5008b85b249c1046d28f6d0
- SHA256
  
  9b6bf6b18292879d45cbd5ed83ac14f088484299fcdcf5d382a2acf5e6887131
- SHA512
  
  b5f3aee2ef8e815ce20a0fa0ace3a1b8cedc6e01b9f0305702b619c6eb98e263c85c756b10869ada7b010ff5e25235d1cdd582a11b2656917cc37874afb0e9e9
- SSDEEP
  
  49152:amlQxq/9pIzOIlZKfB0rDM0GXCQuSJHC8zV:qc0l8WrzkCQugi0V
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2