gcleaner | 3cf4b258142373b805745bdc652582e00b0d95da8c9729be02833977923e62fc | Triage

Sharing

General

Target

fd9a3c71d5a32e7225629951d31dc852.exe
Size

302KB
Sample

240925-gjk7ga1fqd
MD5

fd9a3c71d5a32e7225629951d31dc852
SHA1

a3de7d79c42fa9b7509e64c74805527ef067d008
SHA256

3cf4b258142373b805745bdc652582e00b0d95da8c9729be02833977923e62fc
SHA512

b047e87a77e3f1de57b4f001c879a478ff9eeebfbb26251907484c37c20eb8b179fdd0913be32ef376d063f77a9562acbc295b9472b3b913e4f8cf51a1f52675
SSDEEP

6144:JGLgjInTdk8y0FQ7VkmPun5mrQVXQ/UpSFYc5Qi:8UsTdkAQJkmPA5yQVXbri

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  fd9a3c71d5a32e7225629951d31dc852.exe
- Size
  
  302KB
- MD5
  
  fd9a3c71d5a32e7225629951d31dc852
- SHA1
  
  a3de7d79c42fa9b7509e64c74805527ef067d008
- SHA256
  
  3cf4b258142373b805745bdc652582e00b0d95da8c9729be02833977923e62fc
- SHA512
  
  b047e87a77e3f1de57b4f001c879a478ff9eeebfbb26251907484c37c20eb8b179fdd0913be32ef376d063f77a9562acbc295b9472b3b913e4f8cf51a1f52675
- SSDEEP
  
  6144:JGLgjInTdk8y0FQ7VkmPun5mrQVXQ/UpSFYc5Qi:8UsTdkAQJkmPA5yQVXbri
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader