gcleaner | a4ee512267097a65c493167cb3ae60aa5d4999df926ff2df4bce5f6220867529 | Triage

Sharing

General

Target

a4ee512267097a65c493167cb3ae60aa5d4999df926ff2df4bce5f6220867529
Size

293KB
Sample

241013-x972xsyerm
MD5

c5a32e576a25c81e53f6b009815147e2
SHA1

04c91b37cf00bfa518823305f4fb86dd4814d91c
SHA256

a4ee512267097a65c493167cb3ae60aa5d4999df926ff2df4bce5f6220867529
SHA512

ed4d89634634a6c356739800558b3a47378fa5b5ac9169c573f9df3d94e5d606922fcdf0c6f372a7263ed6899afc99fc9deb5292359471c7c8eabdb0c309ade2
SSDEEP

3072:sxDml5hUlhgPr1R9nK6czues7jKGRsdqjIyCgzNmPAp5TQ+CoN7UH+jIFBxqXYUl:sxKlj1K6czues7REOIU6+Fac+qI

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  a4ee512267097a65c493167cb3ae60aa5d4999df926ff2df4bce5f6220867529
- Size
  
  293KB
- MD5
  
  c5a32e576a25c81e53f6b009815147e2
- SHA1
  
  04c91b37cf00bfa518823305f4fb86dd4814d91c
- SHA256
  
  a4ee512267097a65c493167cb3ae60aa5d4999df926ff2df4bce5f6220867529
- SHA512
  
  ed4d89634634a6c356739800558b3a47378fa5b5ac9169c573f9df3d94e5d606922fcdf0c6f372a7263ed6899afc99fc9deb5292359471c7c8eabdb0c309ade2
- SSDEEP
  
  3072:sxDml5hUlhgPr1R9nK6czues7jKGRsdqjIyCgzNmPAp5TQ+CoN7UH+jIFBxqXYUl:sxKlj1K6czues7REOIU6+Fac+qI
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader