gcleaner | 3fb631fa531f1393af9469aabcb808eab87eb3c3fac3f901854b75fe4e806d0e | Triage

Sharing

General

Target

gcleaner.bin
Size

324KB
Sample

230405-z5fszsbf5s
MD5

f0fdfaad6edf6b629ffd261429dcd756
SHA1

e364e2f87e231c6eb6a733d69f1b9033370f3107
SHA256

3fb631fa531f1393af9469aabcb808eab87eb3c3fac3f901854b75fe4e806d0e
SHA512

8be7750477b6f3d3a962931b57f90a4f7193fbbe28ad725ec090c816f85b7c30bf41c11455e4f2e3f1c9cda6f50925dc8575947e72b65e6aae003b912b4629b0
SSDEEP

6144:msYSsp5yL23j0Tj4M6aW4I7NMk5B8k3qX/SCm63P8KAO8XNESqAguOSfmiCQsmG:msYSsp5R3j0Tj4XaW4I7NM0B9a04yHLg

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  gcleaner.bin
- Size
  
  324KB
- MD5
  
  f0fdfaad6edf6b629ffd261429dcd756
- SHA1
  
  e364e2f87e231c6eb6a733d69f1b9033370f3107
- SHA256
  
  3fb631fa531f1393af9469aabcb808eab87eb3c3fac3f901854b75fe4e806d0e
- SHA512
  
  8be7750477b6f3d3a962931b57f90a4f7193fbbe28ad725ec090c816f85b7c30bf41c11455e4f2e3f1c9cda6f50925dc8575947e72b65e6aae003b912b4629b0
- SSDEEP
  
  6144:msYSsp5yL23j0Tj4M6aW4I7NMk5B8k3qX/SCm63P8KAO8XNESqAguOSfmiCQsmG:msYSsp5R3j0Tj4XaW4I7NM0B9a04yHLg
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2