gcleaner | f6cf800d44ff24fc1d1c06ccb0df605c5585f56fd041d335a5fe15628a1e9428 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

362KB
Sample

230630-n6p79shf93
MD5

2d257873ee0ae75c9b89bd340e3e3da6
SHA1

9dd9080df32b375f39df6470136a5bb107829eba
SHA256

f6cf800d44ff24fc1d1c06ccb0df605c5585f56fd041d335a5fe15628a1e9428
SHA512

e89156f93c1ddb1292d31477e4d05937fc3a091a9868842f5cf861b9bea3c521c839cc557a8dcab0e3d651561b2d06392fcc9426278cd7797c2abeb6f5df5753
SSDEEP

3072:aYCP40soI6S4OjdPhhFZzWUE6itRd8iEmP7WLig/ZT4rNXeCLshvYJREGKm3aGjR:g4V6IV7ErRlEakMJXbsqQjmKJuF25V8

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  setup.exe
- Size
  
  362KB
- MD5
  
  2d257873ee0ae75c9b89bd340e3e3da6
- SHA1
  
  9dd9080df32b375f39df6470136a5bb107829eba
- SHA256
  
  f6cf800d44ff24fc1d1c06ccb0df605c5585f56fd041d335a5fe15628a1e9428
- SHA512
  
  e89156f93c1ddb1292d31477e4d05937fc3a091a9868842f5cf861b9bea3c521c839cc557a8dcab0e3d651561b2d06392fcc9426278cd7797c2abeb6f5df5753
- SSDEEP
  
  3072:aYCP40soI6S4OjdPhhFZzWUE6itRd8iEmP7WLig/ZT4rNXeCLshvYJREGKm3aGjR:g4V6IV7ErRlEakMJXbsqQjmKJuF25V8
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2