gcleaner | 3a23dc1ed72e23be87ab1ce94399ef071c3892869029abcc3bcac181a82bd557 | Triage

Sharing

General

Target

3a23dc1ed72e23be87ab1ce94399ef071c3892869029abcc3bcac181a82bd557
Size

276KB
Sample

240427-fseklsbf93
MD5

5e949fcbfe907cd2cb12b31cde4c589f
SHA1

d174ff1dc5bcb4085e6c2b306a8657d012ba98e0
SHA256

3a23dc1ed72e23be87ab1ce94399ef071c3892869029abcc3bcac181a82bd557
SHA512

ef194651da30afc5f728890e524fc3dff6d88f083355b522a33734e85c1e0e01065fb70814c420abd98c439181483f91350807188002ae26435c6849e792435a
SSDEEP

3072:mldNVBZW5xMouebWJf6MWiI/GGt7jU02u0bm8Fnbk05Tlfor12:QVixMF86CMWiI/C119nbdI1

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3a23dc1ed72e23be87ab1ce94399ef071c3892869029abcc3bcac181a82bd557
- Size
  
  276KB
- MD5
  
  5e949fcbfe907cd2cb12b31cde4c589f
- SHA1
  
  d174ff1dc5bcb4085e6c2b306a8657d012ba98e0
- SHA256
  
  3a23dc1ed72e23be87ab1ce94399ef071c3892869029abcc3bcac181a82bd557
- SHA512
  
  ef194651da30afc5f728890e524fc3dff6d88f083355b522a33734e85c1e0e01065fb70814c420abd98c439181483f91350807188002ae26435c6849e792435a
- SSDEEP
  
  3072:mldNVBZW5xMouebWJf6MWiI/GGt7jU02u0bm8Fnbk05Tlfor12:QVixMF86CMWiI/C119nbdI1
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2