gcleaner | ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c | Triage

Sharing

General

Target

ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c.exe
Size

379KB
Sample

240420-b7zrwadc86
MD5

3415aaebe725006cfa66320863c1bb8a
SHA1

37cb513d1f01f9ec819b62ca8ff1b591ae4c8669
SHA256

ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c
SHA512

537dcf54adfef9facb47eb7b57e37aa8d530abe07c9097466ba4acb3e2723d6349973e1c9aea0ce54ac0dffd72de4c4c3e43f2dee8897b5adfc14ec8b2e96385
SSDEEP

6144:/M2FZoaWs0RraGCf9yqWK+a6m9V5wHCIvGSp:/M2j+s0RrJwW1a6m76tGS

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c.exe
- Size
  
  379KB
- MD5
  
  3415aaebe725006cfa66320863c1bb8a
- SHA1
  
  37cb513d1f01f9ec819b62ca8ff1b591ae4c8669
- SHA256
  
  ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c
- SHA512
  
  537dcf54adfef9facb47eb7b57e37aa8d530abe07c9097466ba4acb3e2723d6349973e1c9aea0ce54ac0dffd72de4c4c3e43f2dee8897b5adfc14ec8b2e96385
- SSDEEP
  
  6144:/M2FZoaWs0RraGCf9yqWK+a6m9V5wHCIvGSp:/M2j+s0RrJwW1a6m76tGS
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2