gcleaner | da91cc4c410cde5d1e3be2595251e20fc5015713ac8051bcdaa99b3e8b0d4de9 | Triage

Sharing

General

Target

e9fa30bb049ccbce95657f7fdb60cb1c_JaffaCakes118
Size

332KB
Sample

240918-zz3qkatepj
MD5

e9fa30bb049ccbce95657f7fdb60cb1c
SHA1

8841faf1a39933a491d47107dc8bc25bfffa8984
SHA256

da91cc4c410cde5d1e3be2595251e20fc5015713ac8051bcdaa99b3e8b0d4de9
SHA512

7fe82a4f46b594084ffcb763c9958a05e8371a01f741d21c25d5fadcc60b4feb334cfe88cf194224af5bb57bb7d3926ea141bcc13c1bd2bf0ee2df08b7fdfa45
SSDEEP

6144:ie6y1a2AxRsu5Epoo+0Ctblwz5ZR6XcsxytXBRgjyX64GIrWCv:iE1a2AXcoo5CkR6/xmX3gjvhIrWc

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  e9fa30bb049ccbce95657f7fdb60cb1c_JaffaCakes118
- Size
  
  332KB
- MD5
  
  e9fa30bb049ccbce95657f7fdb60cb1c
- SHA1
  
  8841faf1a39933a491d47107dc8bc25bfffa8984
- SHA256
  
  da91cc4c410cde5d1e3be2595251e20fc5015713ac8051bcdaa99b3e8b0d4de9
- SHA512
  
  7fe82a4f46b594084ffcb763c9958a05e8371a01f741d21c25d5fadcc60b4feb334cfe88cf194224af5bb57bb7d3926ea141bcc13c1bd2bf0ee2df08b7fdfa45
- SSDEEP
  
  6144:ie6y1a2AxRsu5Epoo+0Ctblwz5ZR6XcsxytXBRgjyX64GIrWCv:iE1a2AXcoo5CkR6/xmX3gjvhIrWc
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader