gcleaner | 2268bf9b36b0c2d19ca70ed7b1556cfc7b67dae39b8eb49c8e37b532d60c6697 | Triage

Sharing

General

Target

2268bf9b36b0c2d19ca70ed7b1556cfc7b67dae39b8eb49c8e37b532d60c6697
Size

282KB
Sample

240912-w7snsaxhlp
MD5

1898e1e3c3624742e745268c86ac5efa
SHA1

96b827774ff1e88d7fddaabf535a3635318c156d
SHA256

2268bf9b36b0c2d19ca70ed7b1556cfc7b67dae39b8eb49c8e37b532d60c6697
SHA512

b9e2b983bd35fb931d8ab0f02a06985bdc6b53fb20c9e0727d2e743e22406c68887158faedd605826ccdff00a218f04422c1f11ec62404fc34d82aa46f803cf0
SSDEEP

6144:3QVk9GPx0Nh0K6/Qdm2Jb/pkKqProI+0:3QGsPxQhDrp7qPro

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  2268bf9b36b0c2d19ca70ed7b1556cfc7b67dae39b8eb49c8e37b532d60c6697
- Size
  
  282KB
- MD5
  
  1898e1e3c3624742e745268c86ac5efa
- SHA1
  
  96b827774ff1e88d7fddaabf535a3635318c156d
- SHA256
  
  2268bf9b36b0c2d19ca70ed7b1556cfc7b67dae39b8eb49c8e37b532d60c6697
- SHA512
  
  b9e2b983bd35fb931d8ab0f02a06985bdc6b53fb20c9e0727d2e743e22406c68887158faedd605826ccdff00a218f04422c1f11ec62404fc34d82aa46f803cf0
- SSDEEP
  
  6144:3QVk9GPx0Nh0K6/Qdm2Jb/pkKqProI+0:3QGsPxQhDrp7qPro
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader