gcleaner | 0db2f70135a77543f2641d1f8ba0b8b0bd9b3d41652e56bbb8ff809a386bcbb6 | Triage

Sharing

General

Target

0db2f70135a77543f2641d1f8ba0b8b0bd9b3d41652e56bbb8ff809a386bcbb6
Size

308KB
Sample

240421-jxs6caef47
MD5

7ed8e7ff1febe76e32bff1edcd436f20
SHA1

68da15e6f8c2ffc7d204c44614d8ca48c82cda71
SHA256

0db2f70135a77543f2641d1f8ba0b8b0bd9b3d41652e56bbb8ff809a386bcbb6
SHA512

acfa9859e1b3551d5b8a08a8c0fdb8ad0d178ec805a3a5675ae610814742d17fd540c07077608b64d76782bf1be0d29922c46d62bbf4d3af43959639baa81ebb
SSDEEP

3072:AiXm1n+HTwPZ+iJn7QFjFi2MphOHg3dDJe62jcjiD22GuNqRK8tbwWh1goamDKDb:8gAZoF5uWANDJGisItbwWgEKCE

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  0db2f70135a77543f2641d1f8ba0b8b0bd9b3d41652e56bbb8ff809a386bcbb6
- Size
  
  308KB
- MD5
  
  7ed8e7ff1febe76e32bff1edcd436f20
- SHA1
  
  68da15e6f8c2ffc7d204c44614d8ca48c82cda71
- SHA256
  
  0db2f70135a77543f2641d1f8ba0b8b0bd9b3d41652e56bbb8ff809a386bcbb6
- SHA512
  
  acfa9859e1b3551d5b8a08a8c0fdb8ad0d178ec805a3a5675ae610814742d17fd540c07077608b64d76782bf1be0d29922c46d62bbf4d3af43959639baa81ebb
- SSDEEP
  
  3072:AiXm1n+HTwPZ+iJn7QFjFi2MphOHg3dDJe62jcjiD22GuNqRK8tbwWh1goamDKDb:8gAZoF5uWANDJGisItbwWgEKCE
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2