gcleaner | ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0 | Triage

Sharing

General

Target

ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0
Size

336KB
Sample

240415-l2frxsbg34
MD5

4d73dce22d36105014e589a7cdd5ad04
SHA1

cb930cdce8251fb84ab6f6b88792dfe01f84e7c4
SHA256

ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0
SHA512

e68f109245eeb50a3e3052b13ccc005905b99f25fb08b06d6c8011019e46a075dead58ec4903cb40e78d6c5697f97dab0d7ebcb241b1ba064f168baa4ef4a8f1
SSDEEP

3072:Odk4+c0ObwJPNLHn0rQnSt2+ePTx35RKd9lVOuSj1prrqxHzFYqy7sMaC1rv6+El:hPPtH0kSt2A3Sxu9FYiC1rvvEN3O

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0
- Size
  
  336KB
- MD5
  
  4d73dce22d36105014e589a7cdd5ad04
- SHA1
  
  cb930cdce8251fb84ab6f6b88792dfe01f84e7c4
- SHA256
  
  ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0
- SHA512
  
  e68f109245eeb50a3e3052b13ccc005905b99f25fb08b06d6c8011019e46a075dead58ec4903cb40e78d6c5697f97dab0d7ebcb241b1ba064f168baa4ef4a8f1
- SSDEEP
  
  3072:Odk4+c0ObwJPNLHn0rQnSt2+ePTx35RKd9lVOuSj1prrqxHzFYqy7sMaC1rv6+El:hPPtH0kSt2A3Sxu9FYiC1rvvEN3O
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2