gcleaner | f68cfcc016e9c3c3398c2e476811416b97d5b1f904cc43e6100eac96db6f21ab | Triage

Sharing

General

Target

f68cfcc016e9c3c3398c2e476811416b97d5b1f904cc43e6100eac96db6f21ab
Size

299KB
Sample

240430-ftddyadf51
MD5

ac1e7c119ba31ec94a979d2dc782c5ad
SHA1

3119147c6d581cabf6d19007e1050d6744242674
SHA256

f68cfcc016e9c3c3398c2e476811416b97d5b1f904cc43e6100eac96db6f21ab
SHA512

b3fcaf769f11fb5e42c8ae60808a4858def64e63dc5198eeca68a77963d48b72a1182a98129cf95886743ab43b56a9664869ed8cb4c7c160c735325d27724068
SSDEEP

3072:bpGBJswp9gxZtJzBO1NB9+qHebmTcMrS5vQTV9ZqbEqUjliO4+coo0fJOvbDrWHy:uJlPg14xheKgQp9QbEqsi+ctvbg4wmV

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  f68cfcc016e9c3c3398c2e476811416b97d5b1f904cc43e6100eac96db6f21ab
- Size
  
  299KB
- MD5
  
  ac1e7c119ba31ec94a979d2dc782c5ad
- SHA1
  
  3119147c6d581cabf6d19007e1050d6744242674
- SHA256
  
  f68cfcc016e9c3c3398c2e476811416b97d5b1f904cc43e6100eac96db6f21ab
- SHA512
  
  b3fcaf769f11fb5e42c8ae60808a4858def64e63dc5198eeca68a77963d48b72a1182a98129cf95886743ab43b56a9664869ed8cb4c7c160c735325d27724068
- SSDEEP
  
  3072:bpGBJswp9gxZtJzBO1NB9+qHebmTcMrS5vQTV9ZqbEqUjliO4+coo0fJOvbDrWHy:uJlPg14xheKgQp9QbEqsi+ctvbg4wmV
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2