gcleaner | bd6c330fd96af047d02de131aa63fd81c068b58ff8f6ceb675b930b6a7ba9797 | Triage

Sharing

General

Target

bd6c330fd96af047d02de131aa63fd81c068b58ff8f6ceb675b930b6a7ba9797
Size

318KB
Sample

240928-b2b4mazflp
MD5

cba3f9974037954c98332d3dda35ec57
SHA1

35686b7040f2a2b9cc8a3f9f183eb05b0a2eb528
SHA256

bd6c330fd96af047d02de131aa63fd81c068b58ff8f6ceb675b930b6a7ba9797
SHA512

624d1d5d4412f7af1ec7bfdee2576d52adcb0b32e834e7b835ce147446b7576ab8cb5708664804712f521761f2192cfc7723950421785c7287dfb1ad1f854505
SSDEEP

6144:dLLM7USXRBqZ/Wgg+ZckFumgThM/5y6F5:dLI7USXRM/WTAHkmgTCs

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  bd6c330fd96af047d02de131aa63fd81c068b58ff8f6ceb675b930b6a7ba9797
- Size
  
  318KB
- MD5
  
  cba3f9974037954c98332d3dda35ec57
- SHA1
  
  35686b7040f2a2b9cc8a3f9f183eb05b0a2eb528
- SHA256
  
  bd6c330fd96af047d02de131aa63fd81c068b58ff8f6ceb675b930b6a7ba9797
- SHA512
  
  624d1d5d4412f7af1ec7bfdee2576d52adcb0b32e834e7b835ce147446b7576ab8cb5708664804712f521761f2192cfc7723950421785c7287dfb1ad1f854505
- SSDEEP
  
  6144:dLLM7USXRBqZ/Wgg+ZckFumgThM/5y6F5:dLI7USXRM/WTAHkmgTCs
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader