General

  • Target

    gcleaner.bin

  • Size

    324KB

  • Sample

    230405-z5fszsbf5s

  • MD5

    f0fdfaad6edf6b629ffd261429dcd756

  • SHA1

    e364e2f87e231c6eb6a733d69f1b9033370f3107

  • SHA256

    3fb631fa531f1393af9469aabcb808eab87eb3c3fac3f901854b75fe4e806d0e

  • SHA512

    8be7750477b6f3d3a962931b57f90a4f7193fbbe28ad725ec090c816f85b7c30bf41c11455e4f2e3f1c9cda6f50925dc8575947e72b65e6aae003b912b4629b0

  • SSDEEP

    6144:msYSsp5yL23j0Tj4M6aW4I7NMk5B8k3qX/SCm63P8KAO8XNESqAguOSfmiCQsmG:msYSsp5R3j0Tj4XaW4I7NM0B9a04yHLg

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75
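The extracted configuration above gives a file hash set and four C2 addresses, which is everything needed for a first-pass detection. The following is an added example (not part of the sandbox report or the gcleaner family itself) that turns those values into a matcher: it hashes a file and compares it against the report's MD5/SHA1/SHA256, scans firewall-style log lines for connections to the listed C2 addresses, and computes the covering /24 so an analyst can decide whether a broader block is justified. The log lines are constructed for illustration and use the 203.0.113.0/24 documentation range for the benign destination.

```python
"""IOC matcher built from the report's extracted gcleaner config.

Added example: hash values and C2 addresses are copied from the report;
the log lines below are constructed sample input, not real traffic.
"""
import hashlib
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

# File hashes from the report's "General" section.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "f0fdfaad6edf6b629ffd261429dcd756",
    "sha1": "e364e2f87e231c6eb6a733d69f1b9033370f3107",
    "sha256": "3fb631fa531f1393af9469aabcb808eab87eb3c3fac3f901854b75fe4e806d0e",
}

# C2 addresses from the report's "Malware Config" section.
C2_ADDRESSES: Set[str] = {
    "45.12.253.56",
    "45.12.253.72",
    "45.12.253.98",
    "45.12.253.75",
}

# Constructed sample log lines (not from the report). Line 4 is a near
# miss: same /24 as the C2s but not a listed address, so exact matching
# must not flag it.
SAMPLE_LOG = """\
2023-04-05T09:12:01Z fw allow src=10.0.0.15 dst=45.12.253.56 dport=80 proto=tcp
2023-04-05T09:12:03Z fw allow src=10.0.0.15 dst=203.0.113.40 dport=443 proto=tcp
2023-04-05T09:12:09Z fw allow src=10.0.0.22 dst=45.12.253.75 dport=80 proto=tcp
2023-04-05T09:13:00Z fw deny src=10.0.0.15 dst=45.12.253.1 dport=80 proto=tcp
"""

_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hash_file(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists (MD5, SHA1, SHA256) for data."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of data equals the corresponding report hash."""
    digests = hash_file(data)
    return any(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def c2_hits(log_lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, ip) for each line mentioning a listed C2 address.

    Matching is exact: an address in the same /24 that is not in the
    extracted config (e.g. 45.12.253.1) is not reported.
    """
    hits: List[Tuple[int, str]] = []
    for line_no, line in enumerate(log_lines, start=1):
        for candidate in _IPV4_RE.findall(line):
            if candidate in C2_ADDRESSES:
                hits.append((line_no, candidate))
    return hits


def c2_covering_networks(prefix_len: int = 24) -> Set[str]:
    """Collapse the C2 list to the networks of the given prefix length.

    All four addresses fall in one /24; blocking that whole range is a
    judgement call (it may over-block unrelated hosts), so this only
    reports the candidate, it does not recommend it.
    """
    return {
        str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        for ip in C2_ADDRESSES
    }


if __name__ == "__main__":
    for line_no, ip in c2_hits(SAMPLE_LOG.splitlines()):
        print(f"C2 contact on log line {line_no}: {ip}")
    print("Covering network(s):", sorted(c2_covering_networks()))
    print("Empty file matches sample:", matches_sample(b""))
```

Hash matching on its own is brittle (a recompile or repack changes every digest), so the C2 addresses and the /24 they share are the longer-lived indicators here; the SSDEEP value in the report is the one to use when the file changes but the code largely does not.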

Targets

    • Target

      gcleaner.bin

    • Size

      324KB

    • Hashes

      MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above (same file).

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the sample can refuse to run on machines set to particular locales).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 signature hit

  • System Information Discovery (T1082): 2 signature hits

Tasks