gcleaner | 0b6a021e9e60874928a025b0f41219888a955c5f329894e8d740080ed6b4fdc9 | Triage

Sharing

General

Target

0b6a021e9e60874928a025b0f41219888a955c5f329894e8d740080ed6b4fdc9
Size

343KB
Sample

240423-st7c8shd3z
MD5

ff68d4b2e32f8969a8c8244013c07ba2
SHA1

0f895b1e11df2998a880a2394f9d706b5b801ffb
SHA256

0b6a021e9e60874928a025b0f41219888a955c5f329894e8d740080ed6b4fdc9
SHA512

b1bd3a5eaffc6de8d31f35a277d738f07097a057627c4f33c0a878317deee1eb9481cc42cf4a88fb57d629ac3f1845e133422ed84126110b48116154b216d703
SSDEEP

3072:jcRftzopvPoqbd+cXJZXpA8gbhIydLczwBu8D/KxiX6PhWCoBlFtOl6VChHgtKb8:+zox3fLmhldLGcuOKxiX6ZI5C4C5Eac

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  0b6a021e9e60874928a025b0f41219888a955c5f329894e8d740080ed6b4fdc9
- Size
  
  343KB
- MD5
  
  ff68d4b2e32f8969a8c8244013c07ba2
- SHA1
  
  0f895b1e11df2998a880a2394f9d706b5b801ffb
- SHA256
  
  0b6a021e9e60874928a025b0f41219888a955c5f329894e8d740080ed6b4fdc9
- SHA512
  
  b1bd3a5eaffc6de8d31f35a277d738f07097a057627c4f33c0a878317deee1eb9481cc42cf4a88fb57d629ac3f1845e133422ed84126110b48116154b216d703
- SSDEEP
  
  3072:jcRftzopvPoqbd+cXJZXpA8gbhIydLczwBu8D/KxiX6PhWCoBlFtOl6VChHgtKb8:+zox3fLmhldLGcuOKxiX6ZI5C4C5Eac
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2