gcleaner | 17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739 | Triage

Sharing

General

Target

17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739.exe
Size

271KB
Sample

240903-bmyn3ssgkm
MD5

9ccfc9b35faf4c02d6d8c4d6430f94bb
SHA1

bf4d401d466b5c004141484d0bce7b5d12960a75
SHA256

17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739
SHA512

b2d175d1cfaf81694769ddde1e1a78be0af7caf4928a93be3b8902517495f93878ef70ee49aa5cebcd9b636f5fa4bda7a19f366b48ec00356475c3ab9c688c6c
SSDEEP

6144:gWBoBMvaF1X2TafXAHU1v9zmftWpacUYSp/1Ukgq:gtMvaCafXAHsvCwxk

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739.exe
- Size
  
  271KB
- MD5
  
  9ccfc9b35faf4c02d6d8c4d6430f94bb
- SHA1
  
  bf4d401d466b5c004141484d0bce7b5d12960a75
- SHA256
  
  17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739
- SHA512
  
  b2d175d1cfaf81694769ddde1e1a78be0af7caf4928a93be3b8902517495f93878ef70ee49aa5cebcd9b636f5fa4bda7a19f366b48ec00356475c3ab9c688c6c
- SSDEEP
  
  6144:gWBoBMvaF1X2TafXAHU1v9zmftWpacUYSp/1Ukgq:gtMvaCafXAHsvCwxk
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader