gcleaner | aca16cf20e9e4e74e7b270b60356ad55c82c0cdc86db4454e2023fb14285db87 | Triage

Sharing

General

Target

aca16cf20e9e4e74e7b270b60356ad55c82c0cdc86db4454e2023fb14285db87N
Size

410KB
Sample

241005-1de8taxhra
MD5

bd36f5af13b35a77d0e15e95655620d0
SHA1

255a4ea629f8d07f4c4e35bc3750c978014fd574
SHA256

aca16cf20e9e4e74e7b270b60356ad55c82c0cdc86db4454e2023fb14285db87
SHA512

35d2b5a2faf7a860f3e49f98518c61f3050faf4fc6070dcf5165888d1be4986b1c207f9101dc0e70ce495fd31aa06fa5a7cc4eb7972b7abc19acd92dcca96fc6
SSDEEP

6144:4hvWMy6hzp1ssFWBeXNoIdoYtP3pXTbSt8gcUWXhC/YQna8gyifT1:QvWMHzp1ZWYFt5S8ZUAC/YGjg1L

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  aca16cf20e9e4e74e7b270b60356ad55c82c0cdc86db4454e2023fb14285db87N
- Size
  
  410KB
- MD5
  
  bd36f5af13b35a77d0e15e95655620d0
- SHA1
  
  255a4ea629f8d07f4c4e35bc3750c978014fd574
- SHA256
  
  aca16cf20e9e4e74e7b270b60356ad55c82c0cdc86db4454e2023fb14285db87
- SHA512
  
  35d2b5a2faf7a860f3e49f98518c61f3050faf4fc6070dcf5165888d1be4986b1c207f9101dc0e70ce495fd31aa06fa5a7cc4eb7972b7abc19acd92dcca96fc6
- SSDEEP
  
  6144:4hvWMy6hzp1ssFWBeXNoIdoYtP3pXTbSt8gcUWXhC/YQna8gyifT1:QvWMHzp1ZWYFt5S8ZUAC/YGjg1L
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader