gcleaner | 1f12a71ab132b30e7cba59d73b9bc6f69d0f650edbef04a9d749e4bddbcf4f65 | Triage

Sharing

General

Target

387c998d5bec37b97155fbb481efa100N.exe
Size

294KB
Sample

240910-b8ajdasgjc
MD5

387c998d5bec37b97155fbb481efa100
SHA1

c0ee4c58af4bf6ac6bb75cf280f532b084e8354b
SHA256

1f12a71ab132b30e7cba59d73b9bc6f69d0f650edbef04a9d749e4bddbcf4f65
SHA512

28abdab58d49e8e4a2937e00592edf0090c7ca0b2aebe228294303c0f9833845dc1a3a296622faa34859bb62b938744232ca9a8623afa4c916b85aa693c61a71
SSDEEP

6144:X/DaoUiX/Io29KOuxt9v6j5c5k2w7fIb/MI4M0Vdh1tQ:X7aozvIo29VQLCjW5k28Is1Vdz

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  387c998d5bec37b97155fbb481efa100N.exe
- Size
  
  294KB
- MD5
  
  387c998d5bec37b97155fbb481efa100
- SHA1
  
  c0ee4c58af4bf6ac6bb75cf280f532b084e8354b
- SHA256
  
  1f12a71ab132b30e7cba59d73b9bc6f69d0f650edbef04a9d749e4bddbcf4f65
- SHA512
  
  28abdab58d49e8e4a2937e00592edf0090c7ca0b2aebe228294303c0f9833845dc1a3a296622faa34859bb62b938744232ca9a8623afa4c916b85aa693c61a71
- SSDEEP
  
  6144:X/DaoUiX/Io29KOuxt9v6j5c5k2w7fIb/MI4M0Vdh1tQ:X7aozvIo29VQLCjW5k28Is1Vdz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader