gcleaner | 54cd6c5e4f78a8ed9b689dd6e07b5608611dc45773e421283f1cb54476069620 | Triage

Sharing

General

Target

54cd6c5e4f78a8ed9b689dd6e07b5608611dc45773e421283f1cb54476069620
Size

271KB
Sample

241015-lpa1xaxcnf
MD5

2591a95d9194a08ad573d8e8e7241bf8
SHA1

07678134292beb5a6fe87ebcf24c031f4d16aa77
SHA256

54cd6c5e4f78a8ed9b689dd6e07b5608611dc45773e421283f1cb54476069620
SHA512

35535f4594f6a8ff8e47618f9bb1a8a7f7290c61d60e3e5935c1ac0a5d7fe9cb9541049ac2d2d3d9dcb3b45d5641735a222f5bb307c3d2b7395d5f224863e19e
SSDEEP

3072:wEeBWsLMcdt1+K3oseHfIrjmOOY7VQIKf/weKXmsMeOxGzg95rvqJzxB9HPuGP2J:pe1+2oseH+j3tVU/wh/AqpxB9vuGPDn

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  54cd6c5e4f78a8ed9b689dd6e07b5608611dc45773e421283f1cb54476069620
- Size
  
  271KB
- MD5
  
  2591a95d9194a08ad573d8e8e7241bf8
- SHA1
  
  07678134292beb5a6fe87ebcf24c031f4d16aa77
- SHA256
  
  54cd6c5e4f78a8ed9b689dd6e07b5608611dc45773e421283f1cb54476069620
- SHA512
  
  35535f4594f6a8ff8e47618f9bb1a8a7f7290c61d60e3e5935c1ac0a5d7fe9cb9541049ac2d2d3d9dcb3b45d5641735a222f5bb307c3d2b7395d5f224863e19e
- SSDEEP
  
  3072:wEeBWsLMcdt1+K3oseHfIrjmOOY7VQIKf/weKXmsMeOxGzg95rvqJzxB9HPuGP2J:pe1+2oseH+j3tVU/wh/AqpxB9vuGPDn
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader