gcleaner | d57482f94bce24f9c5c283559762923841979719824446f366b137916cf71dc6 | Triage

Sharing

General

Target

d57482f94bce24f9c5c283559762923841979719824446f366b137916cf71dc6
Size

373KB
Sample

241018-d7m47axgrq
MD5

4474a474090ec056db5c10d7931daff8
SHA1

933851a870ea5c0186e068e0d533a42a54d82c3c
SHA256

d57482f94bce24f9c5c283559762923841979719824446f366b137916cf71dc6
SHA512

04b74662a7038483bb0ecaf32c3e99948e9d88fbf413667fb6e313aeb0b3c1c97703bb0595cb04e8643f386cae893abb3d8e3e2b77d46f8eff12c5bf00f93fde
SSDEEP

6144:wK82Co6YLxL8DsZbfltDdGI6WNUbhJ6L4d+BlsUz7l97op1VtgMv:wH2Co6YtL8AZx7GcUb6Li+n77/o33g

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  d57482f94bce24f9c5c283559762923841979719824446f366b137916cf71dc6
- Size
  
  373KB
- MD5
  
  4474a474090ec056db5c10d7931daff8
- SHA1
  
  933851a870ea5c0186e068e0d533a42a54d82c3c
- SHA256
  
  d57482f94bce24f9c5c283559762923841979719824446f366b137916cf71dc6
- SHA512
  
  04b74662a7038483bb0ecaf32c3e99948e9d88fbf413667fb6e313aeb0b3c1c97703bb0595cb04e8643f386cae893abb3d8e3e2b77d46f8eff12c5bf00f93fde
- SSDEEP
  
  6144:wK82Co6YLxL8DsZbfltDdGI6WNUbhJ6L4d+BlsUz7l97op1VtgMv:wH2Co6YtL8AZx7GcUb6Li+n77/o33g
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader