gcleaner | ad162d6197ac0bab3a3ddf4168b759af7228f049b9b20d1fcbdbd91a5626cccf | Triage

Sharing

General

Target

d45acc943c4d9bf0fc0c34031739caeb_JaffaCakes118
Size

335KB
Sample

240908-pk1mjswark
MD5

d45acc943c4d9bf0fc0c34031739caeb
SHA1

b47c1c093167d612135a0df388fb82b797377030
SHA256

ad162d6197ac0bab3a3ddf4168b759af7228f049b9b20d1fcbdbd91a5626cccf
SHA512

1d5acbe1ded58c2f55b7e16b12195d30502e4664d13bcebd8cdaf933ae8559a8361d6098d30967aa694c96e85791052e9108c9e32523cbfb4421bb74a2a5e83e
SSDEEP

6144:bl2lLNOopn0XSgIlt06CGBShERvecyEZbCD04sd8zsoSLFbgpQ6OV/b9:bWZvn0/6rTRv7ZbCH1YoS9gp4h

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  d45acc943c4d9bf0fc0c34031739caeb_JaffaCakes118
- Size
  
  335KB
- MD5
  
  d45acc943c4d9bf0fc0c34031739caeb
- SHA1
  
  b47c1c093167d612135a0df388fb82b797377030
- SHA256
  
  ad162d6197ac0bab3a3ddf4168b759af7228f049b9b20d1fcbdbd91a5626cccf
- SHA512
  
  1d5acbe1ded58c2f55b7e16b12195d30502e4664d13bcebd8cdaf933ae8559a8361d6098d30967aa694c96e85791052e9108c9e32523cbfb4421bb74a2a5e83e
- SSDEEP
  
  6144:bl2lLNOopn0XSgIlt06CGBShERvecyEZbCD04sd8zsoSLFbgpQ6OV/b9:bWZvn0/6rTRv7ZbCH1YoS9gp4h
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader