gcleaner | 0e5abe6cdcce822b50207acec0b5b1e30f30c82e3b7d3d63589900a5a95e5c0f | Triage

Sharing

General

Target

0e5abe6cdcce822b50207acec0b5b1e30f30c82e3b7d3d63589900a5a95e5c0f.exe
Size

277KB
Sample

240524-mkt4nadg4s
MD5

3d9ef58f05865e16523d602fff554150
SHA1

b91bf9a4431244f58b0330948d2b1e20d9d48fcc
SHA256

0e5abe6cdcce822b50207acec0b5b1e30f30c82e3b7d3d63589900a5a95e5c0f
SHA512

e83b079f04e26b2bf472d4ec60c91fe79d88c1cb6b3917d00ac637da4166f1f873d9c756af06091f8763126c725aff0381bf32cded963b2708e6a3e17eeef273
SSDEEP

6144:FfR4IMSWntJKlIxeZVaP8V046bbQBaLUaneanr:FfKINWntAlIxoX0QBaLdP

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  0e5abe6cdcce822b50207acec0b5b1e30f30c82e3b7d3d63589900a5a95e5c0f.exe
- Size
  
  277KB
- MD5
  
  3d9ef58f05865e16523d602fff554150
- SHA1
  
  b91bf9a4431244f58b0330948d2b1e20d9d48fcc
- SHA256
  
  0e5abe6cdcce822b50207acec0b5b1e30f30c82e3b7d3d63589900a5a95e5c0f
- SHA512
  
  e83b079f04e26b2bf472d4ec60c91fe79d88c1cb6b3917d00ac637da4166f1f873d9c756af06091f8763126c725aff0381bf32cded963b2708e6a3e17eeef273
- SSDEEP
  
  6144:FfR4IMSWntJKlIxeZVaP8V046bbQBaLUaneanr:FfKINWntAlIxoX0QBaLdP
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2