gcleaner | f1f828db44db8e61e7351143d95bb53686f3454ab075832ace6ce6c4343c2701 | Triage

Sharing

General

Target

f1f828db44db8e61e7351143d95bb53686f3454ab075832ace6ce6c4343c2701
Size

305KB
Sample

240411-qgljwscb56
MD5

1a4dfd156a292167a4b273391cfb3f86
SHA1

6eae7521fc70ba0c3f13fe957a8e1023c563259d
SHA256

f1f828db44db8e61e7351143d95bb53686f3454ab075832ace6ce6c4343c2701
SHA512

9732290ea1479f19f4e93cfb62a83e448be3191e803f754f6f321cc17077ea0bc08f86819bad67a6c0446edc5841212555b8154f7ccc771e9ab984c42aeb3a93
SSDEEP

3072:yA4s4ajd2PeAFHPSqJey0SI+A+vzRqZgEYWSaNOnwUbmDnWzYdcVAZg32azuhoCp:yM4aWVJ7nIDQ0gEhEanbSVA6G7pYRQf

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  f1f828db44db8e61e7351143d95bb53686f3454ab075832ace6ce6c4343c2701
- Size
  
  305KB
- MD5
  
  1a4dfd156a292167a4b273391cfb3f86
- SHA1
  
  6eae7521fc70ba0c3f13fe957a8e1023c563259d
- SHA256
  
  f1f828db44db8e61e7351143d95bb53686f3454ab075832ace6ce6c4343c2701
- SHA512
  
  9732290ea1479f19f4e93cfb62a83e448be3191e803f754f6f321cc17077ea0bc08f86819bad67a6c0446edc5841212555b8154f7ccc771e9ab984c42aeb3a93
- SSDEEP
  
  3072:yA4s4ajd2PeAFHPSqJey0SI+A+vzRqZgEYWSaNOnwUbmDnWzYdcVAZg32azuhoCp:yM4aWVJ7nIDQ0gEhEanbSVA6G7pYRQf
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2