gcleaner | 8bff160da4a076aa92a27a0da6eff5911acd3e1461f7b6cf274fb7a35c984af0 | Triage

Sharing

General

Target

9ccfc9b35faf4c02d6d8c4d6430f94bb.bin
Size

185KB
Sample

240904-krt15axbpm
MD5

64c08815dfd0b40c2ee201bf4fea1398
SHA1

e24f692093d31521bf3636e85a7616b5b546d070
SHA256

8bff160da4a076aa92a27a0da6eff5911acd3e1461f7b6cf274fb7a35c984af0
SHA512

0519f8ef7bbd0d0291dcbe483c03af5294cf119359e44f33b73a0bc4e2854006f9159f9092edba8105fab8bd794c1e81a0892395f80ba3bdd030f13eaefca7c4
SSDEEP

3072:Yo1RxC9Y276livzDK8d9uSb0in/o1qwETabM1ErekqbjB0Xz6RIlsqRDmItHpqJE:Y4xialivzJ9JQ1qzTeRqbGzeIG0pqSSI

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739.exe
- Size
  
  271KB
- MD5
  
  9ccfc9b35faf4c02d6d8c4d6430f94bb
- SHA1
  
  bf4d401d466b5c004141484d0bce7b5d12960a75
- SHA256
  
  17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739
- SHA512
  
  b2d175d1cfaf81694769ddde1e1a78be0af7caf4928a93be3b8902517495f93878ef70ee49aa5cebcd9b636f5fa4bda7a19f366b48ec00356475c3ab9c688c6c
- SSDEEP
  
  6144:gWBoBMvaF1X2TafXAHU1v9zmftWpacUYSp/1Ukgq:gtMvaCafXAHsvCwxk
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader