gcleaner | f08fd79935ca480735a8d1663a46823680a3478bad7ff6ae6aeb579362218c71 | Triage

Sharing

General

Target

f08fd79935ca480735a8d1663a46823680a3478bad7ff6ae6aeb579362218c71
Size

269KB
Sample

241015-magqksyekh
MD5

42a532c766be7b83f152ab9b8293d6f7
SHA1

4681e65e2fad14302545f5263e320812e77eb79e
SHA256

f08fd79935ca480735a8d1663a46823680a3478bad7ff6ae6aeb579362218c71
SHA512

2ee17d26c558196db029d0b6c1d2604f27e6869c2e719b05409c3f215f4c75d96d5341c10ccf1f1ba730ce9a45fe857bd158fec496f1f8fd47570aea6de659b6
SSDEEP

3072:GSJ+1mhZM3xrI5ON7hZda4L/jgFQmKoei3TZ1g95OqJzxB9HPuGPLU9MCGbXal/T:v+1msI5cTfgC0eM9DqpxB9vuGPI+n

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  f08fd79935ca480735a8d1663a46823680a3478bad7ff6ae6aeb579362218c71
- Size
  
  269KB
- MD5
  
  42a532c766be7b83f152ab9b8293d6f7
- SHA1
  
  4681e65e2fad14302545f5263e320812e77eb79e
- SHA256
  
  f08fd79935ca480735a8d1663a46823680a3478bad7ff6ae6aeb579362218c71
- SHA512
  
  2ee17d26c558196db029d0b6c1d2604f27e6869c2e719b05409c3f215f4c75d96d5341c10ccf1f1ba730ce9a45fe857bd158fec496f1f8fd47570aea6de659b6
- SSDEEP
  
  3072:GSJ+1mhZM3xrI5ON7hZda4L/jgFQmKoei3TZ1g95OqJzxB9HPuGPLU9MCGbXal/T:v+1msI5cTfgC0eM9DqpxB9vuGPI+n
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader