gcleaner | dd96d35980d9732015b28182dcbf9b57457ef564b37ffa38f49f63cf425a9727 | Triage

Sharing

General

Target

dd96d35980d9732015b28182dcbf9b57457ef564b37ffa38f49f63cf425a9727
Size

342KB
Sample

240423-mbjassfd97
MD5

1015a2305b0adea85884b4bbfc8dc60c
SHA1

614582da2106876204477323f23a1e7358c8e52a
SHA256

dd96d35980d9732015b28182dcbf9b57457ef564b37ffa38f49f63cf425a9727
SHA512

be5a24ead38b911a7eb351f0888547be5fcc03c1305ff19a8e8b8bc541cb2687f0ca61d86582f676a2b2226e4a98789f4d933ceefa674286a03782de3cd82152
SSDEEP

3072:08RRRU+pEImRqbP+bXJZXVyZYnljTMB9Trxk6X89vgrEkaxb9aBqXiQgtKb4i9cp:S+pmg4LsZYlkrp894ekB9QEac

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  dd96d35980d9732015b28182dcbf9b57457ef564b37ffa38f49f63cf425a9727
- Size
  
  342KB
- MD5
  
  1015a2305b0adea85884b4bbfc8dc60c
- SHA1
  
  614582da2106876204477323f23a1e7358c8e52a
- SHA256
  
  dd96d35980d9732015b28182dcbf9b57457ef564b37ffa38f49f63cf425a9727
- SHA512
  
  be5a24ead38b911a7eb351f0888547be5fcc03c1305ff19a8e8b8bc541cb2687f0ca61d86582f676a2b2226e4a98789f4d933ceefa674286a03782de3cd82152
- SSDEEP
  
  3072:08RRRU+pEImRqbP+bXJZXVyZYnljTMB9Trxk6X89vgrEkaxb9aBqXiQgtKb4i9cp:S+pmg4LsZYlkrp894ekB9QEac
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2