gcleaner | 3a74e3001ba1082f095789b7bdd36f7896c98394852ef6d27789b20b32c21bb2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a74e3001ba1082f095789b7bdd36f7896c98394852ef6d27789b20b32c21bb2
Size

263KB
Sample

240315-gejg3sbd76
MD5

55fa49411be493025d1c522ba540ac53
SHA1

cc9e6c3bf2ac31f29ca1c85137cfa92775ac21e9
SHA256

3a74e3001ba1082f095789b7bdd36f7896c98394852ef6d27789b20b32c21bb2
SHA512

bcae19ba6e962cf74677a34c4e1c461c4ad637b67edfb12119d77eee13a27e79484223c570799cc06313027ce05f14eafbfc7bd356c9121c17692b6d1b9f7f25
SSDEEP

3072:L3jYetYeNNCg1cx53lDQ20kwsWhTtBEupfImF0z2YGOB6dO4Z1LbeMDpf9:Lz0UCGgn6sWhX7AmyzHM5iMd

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  3a74e3001ba1082f095789b7bdd36f7896c98394852ef6d27789b20b32c21bb2
- Size
  
  263KB
- MD5
  
  55fa49411be493025d1c522ba540ac53
- SHA1
  
  cc9e6c3bf2ac31f29ca1c85137cfa92775ac21e9
- SHA256
  
  3a74e3001ba1082f095789b7bdd36f7896c98394852ef6d27789b20b32c21bb2
- SHA512
  
  bcae19ba6e962cf74677a34c4e1c461c4ad637b67edfb12119d77eee13a27e79484223c570799cc06313027ce05f14eafbfc7bd356c9121c17692b6d1b9f7f25
- SSDEEP
  
  3072:L3jYetYeNNCg1cx53lDQ20kwsWhTtBEupfImF0z2YGOB6dO4Z1LbeMDpf9:Lz0UCGgn6sWhX7AmyzHM5iMd
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2