gcleaner | 7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e | Triage

Sharing

General

Target

7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e
Size

422KB
Sample

240912-h1abzaxepg
MD5

6033e7a30bae3bf5950789361921c795
SHA1

f3dfad41c52bad70e6afb92864dca1132963a95e
SHA256

7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e
SHA512

2a5d0c723cbd7a968881d55faaefef6138d3566d29f9191a1d26ec131a5585a89f395921e08457d21f749e6824a63e2e6ab58099639d88854260dd8659c30ce8
SSDEEP

6144:1EPt4XFZoFd1JuB90/vTRrJgDKVJaoHSF68pXzHP6B:4tpFRecrV6oqHi

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e
- Size
  
  422KB
- MD5
  
  6033e7a30bae3bf5950789361921c795
- SHA1
  
  f3dfad41c52bad70e6afb92864dca1132963a95e
- SHA256
  
  7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e
- SHA512
  
  2a5d0c723cbd7a968881d55faaefef6138d3566d29f9191a1d26ec131a5585a89f395921e08457d21f749e6824a63e2e6ab58099639d88854260dd8659c30ce8
- SSDEEP
  
  6144:1EPt4XFZoFd1JuB90/vTRrJgDKVJaoHSF68pXzHP6B:4tpFRecrV6oqHi
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader