gcleaner | aa0a301b357e04455ee9a5d2e99a1139381e0618457600676b5e14932f922efa | Triage

Sharing

General

Target

aa0a301b357e04455ee9a5d2e99a1139381e0618457600676b5e14932f922efa
Size

282KB
Sample

240920-1xkbwa1bjj
MD5

02bb7b3e922228d157cf73fcc17fa5e6
SHA1

da698abfd0e2612c08396d706e2b8050cec6f5f0
SHA256

aa0a301b357e04455ee9a5d2e99a1139381e0618457600676b5e14932f922efa
SHA512

5f8db6de75c9aa7e55e61de6ec3f6ec496103d8b744c19bd017f9e112ba926c510baaf85940fc3a999c5e7d27dfab073b3264c366e6f1c7ba1fb7d0f2a51ef9c
SSDEEP

6144:4//L8yCAvG97vjF+YWl/DnTEOFQ6IGqXH/:4//Qy9+97L8DnTHkv

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  aa0a301b357e04455ee9a5d2e99a1139381e0618457600676b5e14932f922efa
- Size
  
  282KB
- MD5
  
  02bb7b3e922228d157cf73fcc17fa5e6
- SHA1
  
  da698abfd0e2612c08396d706e2b8050cec6f5f0
- SHA256
  
  aa0a301b357e04455ee9a5d2e99a1139381e0618457600676b5e14932f922efa
- SHA512
  
  5f8db6de75c9aa7e55e61de6ec3f6ec496103d8b744c19bd017f9e112ba926c510baaf85940fc3a999c5e7d27dfab073b3264c366e6f1c7ba1fb7d0f2a51ef9c
- SSDEEP
  
  6144:4//L8yCAvG97vjF+YWl/DnTEOFQ6IGqXH/:4//Qy9+97L8DnTHkv
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader