gcleaner | e46aa24718abd33ff405dc6b8057ca6a892076b7cfde8e7488afaa2a06bd948f | Triage

Sharing

General

Target

3415aaebe725006cfa66320863c1bb8a.bin
Size

218KB
Sample

240421-bgk6ssfc3w
MD5

f9cac341415d46476046a0dd166811a3
SHA1

025e1f7e01558c19cfe9e1c42d682bec823b3881
SHA256

e46aa24718abd33ff405dc6b8057ca6a892076b7cfde8e7488afaa2a06bd948f
SHA512

20f4400f0f7438216466d9ab683afdbb7174722e26c8647648f6cfd2bfa76ea0479499c7a20ff5ba5ba177caceb73cb5a7da9a87f9e6fb94ab6d72456912188e
SSDEEP

6144:t5Czv74pnC6+P/aJYOoYdx12sm5X9SuK/Xro:Y0pBOymlYzosmF9SXXro

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c.exe
- Size
  
  379KB
- MD5
  
  3415aaebe725006cfa66320863c1bb8a
- SHA1
  
  37cb513d1f01f9ec819b62ca8ff1b591ae4c8669
- SHA256
  
  ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c
- SHA512
  
  537dcf54adfef9facb47eb7b57e37aa8d530abe07c9097466ba4acb3e2723d6349973e1c9aea0ce54ac0dffd72de4c4c3e43f2dee8897b5adfc14ec8b2e96385
- SSDEEP
  
  6144:/M2FZoaWs0RraGCf9yqWK+a6m9V5wHCIvGSp:/M2j+s0RrJwW1a6m76tGS
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2