gcleaner | 7f2adb49175b395189f62369371725fcc4505ed5ea4bc869b18e8266a5048001 | Triage

Sharing

General

Target

7f2adb49175b395189f62369371725fcc4505ed5ea4bc869b18e8266a5048001
Size

273KB
Sample

240502-vem26afa54
MD5

f89a5436701b9dc5e4da6bdf2269e421
SHA1

ffa25e07c087e1c92e749fcb35a0add474daaa26
SHA256

7f2adb49175b395189f62369371725fcc4505ed5ea4bc869b18e8266a5048001
SHA512

8af203f2535dc4691e5da664ae94db13035cc7a69172f9b5514c0e5ca3e0c770c55c6986857a0c4963da06ef81479ecc8354e969fe3465c1d86ef80b5bdeaa92
SSDEEP

3072:n6q+A5xbCdZhDiGleQKiFNqfjKAqVL7RT+nMu5RYBie5Wlz6BQbn:n6q+A5xCheGleQProsh7wMMCBiNZqQD

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  7f2adb49175b395189f62369371725fcc4505ed5ea4bc869b18e8266a5048001
- Size
  
  273KB
- MD5
  
  f89a5436701b9dc5e4da6bdf2269e421
- SHA1
  
  ffa25e07c087e1c92e749fcb35a0add474daaa26
- SHA256
  
  7f2adb49175b395189f62369371725fcc4505ed5ea4bc869b18e8266a5048001
- SHA512
  
  8af203f2535dc4691e5da664ae94db13035cc7a69172f9b5514c0e5ca3e0c770c55c6986857a0c4963da06ef81479ecc8354e969fe3465c1d86ef80b5bdeaa92
- SSDEEP
  
  3072:n6q+A5xbCdZhDiGleQKiFNqfjKAqVL7RT+nMu5RYBie5Wlz6BQbn:n6q+A5xCheGleQProsh7wMMCBiNZqQD
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2