gcleaner | ff3953d92d4a556d217f8f9f1f060e03f5709e965e4e0db5ec546c1eef0664ad | Triage

Sharing

General

Target

b631035b2db41d9ff52558a5ad67c590N.exe
Size

284KB
Sample

240914-2lnets1crg
MD5

b631035b2db41d9ff52558a5ad67c590
SHA1

36d8eeaca6e6d3b6145ba8283cf1096bb5cb0c36
SHA256

ff3953d92d4a556d217f8f9f1f060e03f5709e965e4e0db5ec546c1eef0664ad
SHA512

b53bc2ccf4818f3f18589e13d2cdedb09f7dad3ad40b66a094f77f9ed07fb9a2af5fbde197d0ee4d36c951a12260f6c1f06542ce89ebb7b1ae7775a873163bf1
SSDEEP

3072:ILX6g2KfE5QcSR7mg51KxdaZ7+TzMwyn93YkUeEMVqEW2m9JUZLuQTdzZ/pUNY0N:ILX6g2oE5QcLna8Eb9vYyuQTdJ6Nnd

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  b631035b2db41d9ff52558a5ad67c590N.exe
- Size
  
  284KB
- MD5
  
  b631035b2db41d9ff52558a5ad67c590
- SHA1
  
  36d8eeaca6e6d3b6145ba8283cf1096bb5cb0c36
- SHA256
  
  ff3953d92d4a556d217f8f9f1f060e03f5709e965e4e0db5ec546c1eef0664ad
- SHA512
  
  b53bc2ccf4818f3f18589e13d2cdedb09f7dad3ad40b66a094f77f9ed07fb9a2af5fbde197d0ee4d36c951a12260f6c1f06542ce89ebb7b1ae7775a873163bf1
- SSDEEP
  
  3072:ILX6g2KfE5QcSR7mg51KxdaZ7+TzMwyn93YkUeEMVqEW2m9JUZLuQTdzZ/pUNY0N:ILX6g2oE5QcLna8Eb9vYyuQTdJ6Nnd
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader