gcleaner | 6f4c8936d3a99cb30a58c294ceeaf158587a6fc1776a6dba4213134e4225734c | Triage

Sharing

General

Target

e4ff3bee77eea05ba54f0e0757341837.exe
Size

308KB
Sample

240830-r9r3ta1arp
MD5

e4ff3bee77eea05ba54f0e0757341837
SHA1

690e83f77e71a3d5366453ce20809e0815f97105
SHA256

6f4c8936d3a99cb30a58c294ceeaf158587a6fc1776a6dba4213134e4225734c
SHA512

2789f481bde6012d3a80c94d38a77696a1f48ddbdc65c66c874ae47d8532ee7efc193578f482e574769ed7ae9d0eb6d0a471631614b5019dd6d150b2f6336f55
SSDEEP

3072:nMjOScSxw4QffmVYe+xm5Y3mh8vJY+pvK7UOt1FI2JsHI4aMvy/:nMjOSzxdQxeD5Yc8vK7wYso4amy

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  e4ff3bee77eea05ba54f0e0757341837.exe
- Size
  
  308KB
- MD5
  
  e4ff3bee77eea05ba54f0e0757341837
- SHA1
  
  690e83f77e71a3d5366453ce20809e0815f97105
- SHA256
  
  6f4c8936d3a99cb30a58c294ceeaf158587a6fc1776a6dba4213134e4225734c
- SHA512
  
  2789f481bde6012d3a80c94d38a77696a1f48ddbdc65c66c874ae47d8532ee7efc193578f482e574769ed7ae9d0eb6d0a471631614b5019dd6d150b2f6336f55
- SSDEEP
  
  3072:nMjOScSxw4QffmVYe+xm5Y3mh8vJY+pvK7UOt1FI2JsHI4aMvy/:nMjOSzxdQxeD5Yc8vK7wYso4amy
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader