gcleaner | 114aa6cb595ed49423707788c3a06a79e250d23d0615108cbb3fb5bdd20af5c8 | Triage

Sharing

General

Target

b6e4dc4fd0cc50fbb1236fe1108b886d.exe
Size

342KB
Sample

240419-vypebsbc71
MD5

b6e4dc4fd0cc50fbb1236fe1108b886d
SHA1

ca17fc4111dbc08551aabe0e890c337448a19eda
SHA256

114aa6cb595ed49423707788c3a06a79e250d23d0615108cbb3fb5bdd20af5c8
SHA512

eaebb7b46714e2e15fd604383f5c7bb092c7f2669edf1c462544aeb3a11a38b8feacdfae7b78fe6cc0b96c6764909dad7e249c0d31320a26c5df1fa1c911dfbb
SSDEEP

3072:FGSlqrvGown4AMsIqQk+ooNKeDe0T+ZvcXwR+YKZfwmuF5GZ4WDm/5O5XP0hd5A/:FanwpoNfe0Tb0aBwmuWaWa/5ORMAQOo

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  b6e4dc4fd0cc50fbb1236fe1108b886d.exe
- Size
  
  342KB
- MD5
  
  b6e4dc4fd0cc50fbb1236fe1108b886d
- SHA1
  
  ca17fc4111dbc08551aabe0e890c337448a19eda
- SHA256
  
  114aa6cb595ed49423707788c3a06a79e250d23d0615108cbb3fb5bdd20af5c8
- SHA512
  
  eaebb7b46714e2e15fd604383f5c7bb092c7f2669edf1c462544aeb3a11a38b8feacdfae7b78fe6cc0b96c6764909dad7e249c0d31320a26c5df1fa1c911dfbb
- SSDEEP
  
  3072:FGSlqrvGown4AMsIqQk+ooNKeDe0T+ZvcXwR+YKZfwmuF5GZ4WDm/5O5XP0hd5A/:FanwpoNfe0Tb0aBwmuWaWa/5ORMAQOo
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2