gcleaner | 0b984b1fcdbf934fdb457d7d64b3828a3017d1ccb18dcf8402c3d82ae6daa4af | Triage

Sharing

General

Target

0b984b1fcdbf934fdb457d7d64b3828a3017d1ccb18dcf8402c3d82ae6daa4af
Size

238KB
Sample

240501-h2h1hacg57
MD5

7f3f1badecce49078910e25c377b5097
SHA1

1934c64cc54196f5d9800b9ce868ecba0c430749
SHA256

0b984b1fcdbf934fdb457d7d64b3828a3017d1ccb18dcf8402c3d82ae6daa4af
SHA512

685ec80ef7b83e661863ab429910353434b32aed53597092072ed74d7147c4ce07157317527a9701fa3c35744c0b7bf56aae465eb5e3e6c4c885616319cf96b3
SSDEEP

3072:XVX2LoN6XejiWQgHvg+yhxN81eUs9vee+dIz7Tyr5BEasld:XbN6Xu7jv4UteIK7TyGl

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  0b984b1fcdbf934fdb457d7d64b3828a3017d1ccb18dcf8402c3d82ae6daa4af
- Size
  
  238KB
- MD5
  
  7f3f1badecce49078910e25c377b5097
- SHA1
  
  1934c64cc54196f5d9800b9ce868ecba0c430749
- SHA256
  
  0b984b1fcdbf934fdb457d7d64b3828a3017d1ccb18dcf8402c3d82ae6daa4af
- SHA512
  
  685ec80ef7b83e661863ab429910353434b32aed53597092072ed74d7147c4ce07157317527a9701fa3c35744c0b7bf56aae465eb5e3e6c4c885616319cf96b3
- SSDEEP
  
  3072:XVX2LoN6XejiWQgHvg+yhxN81eUs9vee+dIz7Tyr5BEasld:XbN6Xu7jv4UteIK7TyGl
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2