gcleaner | 28d3b31883f77ec8950cd41942eec79f9b44629c97e37e25356bfa1aee4e628c | Triage

Sharing

General

Target

28d3b31883f77ec8950cd41942eec79f9b44629c97e37e25356bfa1aee4e628c
Size

343KB
Sample

240423-prennagb8v
MD5

e38edb8bb0d49073277a8e1085fd5b5f
SHA1

a140e28682f444a10d05b1c9a33a2c5106731ae4
SHA256

28d3b31883f77ec8950cd41942eec79f9b44629c97e37e25356bfa1aee4e628c
SHA512

95362007b3d4975550b8d25925ba18fbf588048c4f0e67bc005677394aa4c01e2e202d14af7140d310afd039bb480c89ee18b170a0ce54249214852fd9a368fd
SSDEEP

3072:DkRR5+pVDn1qbY+nXJZXqsK1/CsaFLM7iphvwe63eokQpWfTkcnfB5gtKb4i9cKn:4+z3kL+1/CsJ7iHLokQpW7jfvEac

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  28d3b31883f77ec8950cd41942eec79f9b44629c97e37e25356bfa1aee4e628c
- Size
  
  343KB
- MD5
  
  e38edb8bb0d49073277a8e1085fd5b5f
- SHA1
  
  a140e28682f444a10d05b1c9a33a2c5106731ae4
- SHA256
  
  28d3b31883f77ec8950cd41942eec79f9b44629c97e37e25356bfa1aee4e628c
- SHA512
  
  95362007b3d4975550b8d25925ba18fbf588048c4f0e67bc005677394aa4c01e2e202d14af7140d310afd039bb480c89ee18b170a0ce54249214852fd9a368fd
- SSDEEP
  
  3072:DkRR5+pVDn1qbY+nXJZXqsK1/CsaFLM7iphvwe63eokQpWfTkcnfB5gtKb4i9cKn:4+z3kL+1/CsJ7iHLokQpW7jfvEac
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2