gcleaner | d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2 | Triage

Sharing

General

Target

d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2
Size

312KB
Sample

240328-jxbw3afh81
MD5

c4ec38ae5ddce37cb56b4c6d88bee7c3
SHA1

ad97d501d7d2dc64f23ba989139fac33f4dbdec4
SHA256

d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2
SHA512

85f3723f2a3991d96d3cecf480d46f94f58959d55fa54e98dd5ad9ce64cbd6288fd1a77b65b7e636e64d2c6b97203eccd454247463f5e818022320db5a3bc8e9
SSDEEP

3072:0u/Yc8E9PlkOF+XldS/yBjQuhLSLf7tU7zCHCOkSPK412YdBZxo9XOddA:zFKkwvSj7EuihSPKo3LXo9Xk

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2
- Size
  
  312KB
- MD5
  
  c4ec38ae5ddce37cb56b4c6d88bee7c3
- SHA1
  
  ad97d501d7d2dc64f23ba989139fac33f4dbdec4
- SHA256
  
  d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2
- SHA512
  
  85f3723f2a3991d96d3cecf480d46f94f58959d55fa54e98dd5ad9ce64cbd6288fd1a77b65b7e636e64d2c6b97203eccd454247463f5e818022320db5a3bc8e9
- SSDEEP
  
  3072:0u/Yc8E9PlkOF+XldS/yBjQuhLSLf7tU7zCHCOkSPK412YdBZxo9XOddA:zFKkwvSj7EuihSPKo3LXo9Xk
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2