gcleaner | 12b0b7064188ef1bb3297912d4152bcf994ff04ddf7608866eecb3766effd768 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12b0b7064188ef1bb3297912d4152bcf994ff04ddf7608866eecb3766effd768
Size

152KB
Sample

240417-qym42saa44
MD5

4c9403df76483a3a6b921a7277e94281
SHA1

a92df9cb898f0035bd4ce8caec9ad6f51c623fd3
SHA256

12b0b7064188ef1bb3297912d4152bcf994ff04ddf7608866eecb3766effd768
SHA512

a0ab9f16b91fd1e3220823d7535663aeaa24bffdcede1c26b5ff478e552539ac4a8fe874027a944c3dba2af6356919ccefacca89a879bf33f6f144fd90169764
SSDEEP

3072:elm9M6LATEqePNwjyJMHYJP+nmLZze77aWeEQ/tuL:ev6PdVUyJM0PEqM2pw

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  3a810c8e25c4e2bee013eff6ff95fc378456abb435299da1faffe6ac12d0934a.exe
- Size
  
  222KB
- MD5
  
  6410d5a54714bbee2d34c32082e6ecd2
- SHA1
  
  e98ee40e25c1a52adaea2147bab0051bd510177a
- SHA256
  
  3a810c8e25c4e2bee013eff6ff95fc378456abb435299da1faffe6ac12d0934a
- SHA512
  
  2a139bf11167569722060fdf0cfe38628fafb09d4353f9801025bfcd454366588c9d9b11712a32d17938fb5dff73196704aa42a43257d0dc3ed903881e814c77
- SSDEEP
  
  3072:venboFIBgJ+EWroYEzDIwyBql9zZvMA7+LDNzE7MTKwxlFrgC4:WceEWkTIGl9OA7+tzEIllFr
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2