gcleaner | 3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ef4cf46165c932ee117830e7cd38ccf.exe
Size

259KB
Sample

240329-masg3sef4y
MD5

5ef4cf46165c932ee117830e7cd38ccf
SHA1

d45fc4a83fcd2a1fec421d55635d51bf02646d37
SHA256

3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7
SHA512

33a5d66a67e4e81b105a7ce4f4e4c82fb5d42cd8d3de4b0ac42f2cf2825b65d3699d7987ecbd323de69a7ac72227e9f934c73478c48ab9add9fa6bf7edd536be
SSDEEP

6144:crMgT9iXeD45U2VHSmAuLfNqeo7FGN1MFlsWY:QT9iXg45UAHJjNqeWFLc

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  5ef4cf46165c932ee117830e7cd38ccf.exe
- Size
  
  259KB
- MD5
  
  5ef4cf46165c932ee117830e7cd38ccf
- SHA1
  
  d45fc4a83fcd2a1fec421d55635d51bf02646d37
- SHA256
  
  3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7
- SHA512
  
  33a5d66a67e4e81b105a7ce4f4e4c82fb5d42cd8d3de4b0ac42f2cf2825b65d3699d7987ecbd323de69a7ac72227e9f934c73478c48ab9add9fa6bf7edd536be
- SSDEEP
  
  6144:crMgT9iXeD45U2VHSmAuLfNqeo7FGN1MFlsWY:QT9iXg45UAHJjNqeWFLc
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2