gcleaner | 92cb84e3fecd6b25fba5bbf07795ba1d0c477cdb54b618724d86632d92cd4294 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

92cb84e3fecd6b25fba5bbf07795ba1d0c477cdb54b618724d86632d92cd4294
Size

350KB
Sample

240421-cd8y5agb73
MD5

650b408fbd0854f646a6c3d49431e814
SHA1

ef6649b4b64b34275867f3d05c8f9dc90294eff5
SHA256

92cb84e3fecd6b25fba5bbf07795ba1d0c477cdb54b618724d86632d92cd4294
SHA512

79606f044c43596f4835b0625664b947641de1495c928c7a34d6628d8458d7e7ab96bd952b9de8e45c05ee3aebbde557dab097eee295d8ce475ad3570d40b0e3
SSDEEP

3072:MbYo40LRGWOn9+oZMzYtVBvBn8rObGnmdVM2OTqbDwF+/kT8ADFrQiYZCXxgpG:MFNp893VVBn8aBs2BP00ylqiYZC

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  92cb84e3fecd6b25fba5bbf07795ba1d0c477cdb54b618724d86632d92cd4294
- Size
  
  350KB
- MD5
  
  650b408fbd0854f646a6c3d49431e814
- SHA1
  
  ef6649b4b64b34275867f3d05c8f9dc90294eff5
- SHA256
  
  92cb84e3fecd6b25fba5bbf07795ba1d0c477cdb54b618724d86632d92cd4294
- SHA512
  
  79606f044c43596f4835b0625664b947641de1495c928c7a34d6628d8458d7e7ab96bd952b9de8e45c05ee3aebbde557dab097eee295d8ce475ad3570d40b0e3
- SSDEEP
  
  3072:MbYo40LRGWOn9+oZMzYtVBvBn8rObGnmdVM2OTqbDwF+/kT8ADFrQiYZCXxgpG:MFNp893VVBn8aBs2BP00ylqiYZC
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2