gcleaner | a7df5e5174956e67b2249d70729b2142f07ced94bf2d26ad8964c221d0ad80a7 | Triage

Sharing

General

Target

a7df5e5174956e67b2249d70729b2142f07ced94bf2d26ad8964c221d0ad80a7
Size

376KB
Sample

240418-ez8atsah48
MD5

aaebf1e373653720e6759550204643d4
SHA1

64d4955808e30576c21a4cd4e27f3e99fabdba46
SHA256

a7df5e5174956e67b2249d70729b2142f07ced94bf2d26ad8964c221d0ad80a7
SHA512

09f6afc97fb9b13cd570ca01a6c8541036ae83d9fd5072d134e2ee73874b8715bc62becf4f5b3f93196dc9a307fd22c1e7246bc46b803898d9ca9e6d5ce324d0
SSDEEP

6144:rcCCZ6oXokuMLrUG8Tv4og2JHNl5Is/soUOl:jCwo4dsUGbojjl5So3

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  a7df5e5174956e67b2249d70729b2142f07ced94bf2d26ad8964c221d0ad80a7
- Size
  
  376KB
- MD5
  
  aaebf1e373653720e6759550204643d4
- SHA1
  
  64d4955808e30576c21a4cd4e27f3e99fabdba46
- SHA256
  
  a7df5e5174956e67b2249d70729b2142f07ced94bf2d26ad8964c221d0ad80a7
- SHA512
  
  09f6afc97fb9b13cd570ca01a6c8541036ae83d9fd5072d134e2ee73874b8715bc62becf4f5b3f93196dc9a307fd22c1e7246bc46b803898d9ca9e6d5ce324d0
- SSDEEP
  
  6144:rcCCZ6oXokuMLrUG8Tv4og2JHNl5Is/soUOl:jCwo4dsUGbojjl5So3
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2