gcleaner | 41eba63857509c8a8a7933e635a0acbbde4e76c1f69ae228af0688fdd17c689d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41eba63857509c8a8a7933e635a0acbbde4e76c1f69ae228af0688fdd17c689d
Size

220KB
Sample

240305-ydma1sgd27
MD5

4722e4fb8995a4fac4b7cc7cf4c2d8be
SHA1

6aa95f004e33451d831dca3e964fe351accb39dd
SHA256

41eba63857509c8a8a7933e635a0acbbde4e76c1f69ae228af0688fdd17c689d
SHA512

af4133760460ba6fe76b64a31b174bf789c81b13423697c1e8c74e7ca5840d0f223653e30cb904a9a6b75c36139ec6742855b4c2e6c0aff38787911e0fa55952
SSDEEP

3072:Msa+zaISwDcOK/byKDr009X9ugbYMRTW8ptmU0zE6EHOQEpPOK:Ja+zaBIHKzyYwmlTW8TaE6ElwP

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  41eba63857509c8a8a7933e635a0acbbde4e76c1f69ae228af0688fdd17c689d
- Size
  
  220KB
- MD5
  
  4722e4fb8995a4fac4b7cc7cf4c2d8be
- SHA1
  
  6aa95f004e33451d831dca3e964fe351accb39dd
- SHA256
  
  41eba63857509c8a8a7933e635a0acbbde4e76c1f69ae228af0688fdd17c689d
- SHA512
  
  af4133760460ba6fe76b64a31b174bf789c81b13423697c1e8c74e7ca5840d0f223653e30cb904a9a6b75c36139ec6742855b4c2e6c0aff38787911e0fa55952
- SSDEEP
  
  3072:Msa+zaISwDcOK/byKDr009X9ugbYMRTW8ptmU0zE6EHOQEpPOK:Ja+zaBIHKzyYwmlTW8TaE6ElwP
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2