gcleaner | 87137f8ac515457f952efd992e0efcb3373337f7a311e27ba61b36e7f31033f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c0285eefe2804e725422c8c0fe61149.exe
Size

236KB
Sample

240514-3tzy9sfb66
MD5

6c0285eefe2804e725422c8c0fe61149
SHA1

f59f9c47bdf9bc3f3bfe99dfc162ba8faec72563
SHA256

87137f8ac515457f952efd992e0efcb3373337f7a311e27ba61b36e7f31033f3
SHA512

113627a265408983ee1597eac088a30c165435d1bf789c0cbd817e0a0d6b705dea2f93b55c0f8a841879e68d333bcaa385a76b027f193fe79bd680f3ccd12657
SSDEEP

6144:8NV8p4KfDNhW7f9Kjlv6mZhkyHyETewkhrHJnLcVASJx+KlrKbx038mmTBDw4AOT:8NV8plbNhW7f9Kjlv6mZhkyHyETewkhb

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Targets

- Target
  
  6c0285eefe2804e725422c8c0fe61149.exe
- Size
  
  236KB
- MD5
  
  6c0285eefe2804e725422c8c0fe61149
- SHA1
  
  f59f9c47bdf9bc3f3bfe99dfc162ba8faec72563
- SHA256
  
  87137f8ac515457f952efd992e0efcb3373337f7a311e27ba61b36e7f31033f3
- SHA512
  
  113627a265408983ee1597eac088a30c165435d1bf789c0cbd817e0a0d6b705dea2f93b55c0f8a841879e68d333bcaa385a76b027f193fe79bd680f3ccd12657
- SSDEEP
  
  6144:8NV8p4KfDNhW7f9Kjlv6mZhkyHyETewkhrHJnLcVASJx+KlrKbx038mmTBDw4AOT:8NV8plbNhW7f9Kjlv6mZhkyHyETewkhb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2