gcleaner | 78f4b4f400d12aeb89daf37db9a4277e38916359aa835a6703ee8ccd3a62b66f | Triage

Sharing

General

Target

78f4b4f400d12aeb89daf37db9a4277e38916359aa835a6703ee8ccd3a62b66f
Size

288KB
Sample

241012-3kft2a1hnm
MD5

79a5b8e75dbf824712cf820c76c5c7cf
SHA1

4b275f52f9b9cdbd614949509cf597bd6713e524
SHA256

78f4b4f400d12aeb89daf37db9a4277e38916359aa835a6703ee8ccd3a62b66f
SHA512

6d6640bf26c35eab55d7967fc622f312b68474a3cbc7d1f62a2d54f2547895ece8cbc03d0f1fe4bbcf89ff401e491564f62c8f784a39f24ba5e21a20b2eed941
SSDEEP

3072:xmzgDdjYPB7a5CquG75XEpUk8YYRenh8+EfMN56Xo4kwrq+AZ/XR:osDdjYSCqXyNYReyLbkwWH

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  78f4b4f400d12aeb89daf37db9a4277e38916359aa835a6703ee8ccd3a62b66f
- Size
  
  288KB
- MD5
  
  79a5b8e75dbf824712cf820c76c5c7cf
- SHA1
  
  4b275f52f9b9cdbd614949509cf597bd6713e524
- SHA256
  
  78f4b4f400d12aeb89daf37db9a4277e38916359aa835a6703ee8ccd3a62b66f
- SHA512
  
  6d6640bf26c35eab55d7967fc622f312b68474a3cbc7d1f62a2d54f2547895ece8cbc03d0f1fe4bbcf89ff401e491564f62c8f784a39f24ba5e21a20b2eed941
- SSDEEP
  
  3072:xmzgDdjYPB7a5CquG75XEpUk8YYRenh8+EfMN56Xo4kwrq+AZ/XR:osDdjYSCqXyNYReyLbkwWH
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader