gcleaner | 1bc494e04bb41e754b1b1b867e0d1af9ada161b11bc4bb0f1859ce7c431eed96 | Triage

Sharing

General

Target

1bc494e04bb41e754b1b1b867e0d1af9ada161b11bc4bb0f1859ce7c431eed96N
Size

271KB
Sample

241004-vkctdazdqg
MD5

b0837166cff92b061636c23f5c0575f0
SHA1

90de8a54b85cf32dc41e4aaa00c5cd5e39ce9ca0
SHA256

1bc494e04bb41e754b1b1b867e0d1af9ada161b11bc4bb0f1859ce7c431eed96
SHA512

e1faf43d7838dfbb32e44005f062ceefa91e37246acde424f409bcd8b5ddc8e63d9e1f484c4b316cc490a27311c306214fc799075b589dcb806951cec551ce02
SSDEEP

6144:IKuLHDwL0WVe3Mid4UXy+LKgTZeyMNXT:IKuDDbWA3bpYgTrMp

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  1bc494e04bb41e754b1b1b867e0d1af9ada161b11bc4bb0f1859ce7c431eed96N
- Size
  
  271KB
- MD5
  
  b0837166cff92b061636c23f5c0575f0
- SHA1
  
  90de8a54b85cf32dc41e4aaa00c5cd5e39ce9ca0
- SHA256
  
  1bc494e04bb41e754b1b1b867e0d1af9ada161b11bc4bb0f1859ce7c431eed96
- SHA512
  
  e1faf43d7838dfbb32e44005f062ceefa91e37246acde424f409bcd8b5ddc8e63d9e1f484c4b316cc490a27311c306214fc799075b589dcb806951cec551ce02
- SSDEEP
  
  6144:IKuLHDwL0WVe3Mid4UXy+LKgTZeyMNXT:IKuDDbWA3bpYgTrMp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader