gcleaner | dbab925f0c02c80393e4eca18068e76fc9075d975996b327c9c3e06a6bda09b8 | Triage

Sharing

General

Target

dbab925f0c02c80393e4eca18068e76fc9075d975996b327c9c3e06a6bda09b8
Size

319KB
Sample

240501-ykkqrshc93
MD5

7bc5bddefd533fc0aa31cfc1d545757c
SHA1

0591b4ab74b0b3fe36e4ec26b6d6d57b1fcec3e4
SHA256

dbab925f0c02c80393e4eca18068e76fc9075d975996b327c9c3e06a6bda09b8
SHA512

81ae5c9dd22e397f6c5c57aebc45b7883b7456d30c824921e1223cf09d6ad3867a91ad714c51519e0bdf0bc240a3e5d8b4e49ec56e5de6dc230828bf8eddc91f
SSDEEP

3072:xgTbyZ03rK5GZqgOq2CNorLW/0Fs0zczg1lLPoJRp5WyqtZGB0xb10d:bZ3GnO1CNB/Vg1lLAJRyhtbK

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  dbab925f0c02c80393e4eca18068e76fc9075d975996b327c9c3e06a6bda09b8
- Size
  
  319KB
- MD5
  
  7bc5bddefd533fc0aa31cfc1d545757c
- SHA1
  
  0591b4ab74b0b3fe36e4ec26b6d6d57b1fcec3e4
- SHA256
  
  dbab925f0c02c80393e4eca18068e76fc9075d975996b327c9c3e06a6bda09b8
- SHA512
  
  81ae5c9dd22e397f6c5c57aebc45b7883b7456d30c824921e1223cf09d6ad3867a91ad714c51519e0bdf0bc240a3e5d8b4e49ec56e5de6dc230828bf8eddc91f
- SSDEEP
  
  3072:xgTbyZ03rK5GZqgOq2CNorLW/0Fs0zczg1lLPoJRp5WyqtZGB0xb10d:bZ3GnO1CNB/Vg1lLAJRyhtbK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2