gcleaner | 1b718c30ab1b3697c697d2f6c04ed2a21358d569cb3a3b23b558019ee6f98a8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b718c30ab1b3697c697d2f6c04ed2a21358d569cb3a3b23b558019ee6f98a8a
Size

404KB
Sample

240420-j244eacc36
MD5

99c7638be0509a072abebd09d8323eca
SHA1

a4cf202faa926b5d5dbc32fcbf309bf22159163f
SHA256

1b718c30ab1b3697c697d2f6c04ed2a21358d569cb3a3b23b558019ee6f98a8a
SHA512

85237d9370888ac96f8171cd6be5aca8951061c00d30ef46bd0db27d44b4f4329aa8e58ba8ddf0b6452706a9d3d69a8dfa7b592422516a802713f9fff005df33
SSDEEP

6144:Iwc5H5HH3Nzk0pE/FJuo1vV9Lg53ibNrURp9d:0XXNzkB+699fyRp9

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  1b718c30ab1b3697c697d2f6c04ed2a21358d569cb3a3b23b558019ee6f98a8a
- Size
  
  404KB
- MD5
  
  99c7638be0509a072abebd09d8323eca
- SHA1
  
  a4cf202faa926b5d5dbc32fcbf309bf22159163f
- SHA256
  
  1b718c30ab1b3697c697d2f6c04ed2a21358d569cb3a3b23b558019ee6f98a8a
- SHA512
  
  85237d9370888ac96f8171cd6be5aca8951061c00d30ef46bd0db27d44b4f4329aa8e58ba8ddf0b6452706a9d3d69a8dfa7b592422516a802713f9fff005df33
- SSDEEP
  
  6144:Iwc5H5HH3Nzk0pE/FJuo1vV9Lg53ibNrURp9d:0XXNzkB+699fyRp9
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2