gcleaner | fd6077d931028e1dd90fef98a26c091066d545b68f8c0d442da09e2791381a1a | Triage

Sharing

General

Target

fd6077d931028e1dd90fef98a26c091066d545b68f8c0d442da09e2791381a1a
Size

344KB
Sample

240503-p133lsag68
MD5

e87958551c2818a36b4a6dd38c163ffc
SHA1

5ee46ef80b43ce3beb39ef1cb2a45fb890fda9bd
SHA256

fd6077d931028e1dd90fef98a26c091066d545b68f8c0d442da09e2791381a1a
SHA512

56b4214a44d2cfd08f41169115a388bd28dee26d341ea7cf130a0eba3388644c7d59a888d701f35d07e622677036ecbea056432ada12c6f61002db8fa0d35f40
SSDEEP

3072:aaP81pkPvgWSc+lzQj5o2MFW4WxwTCoijN1JUlDS63o2mZsT+bAJytC2cC/BSAv1:4iY84A4ax/jN1JUZS9Z92apcClVfuz

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  fd6077d931028e1dd90fef98a26c091066d545b68f8c0d442da09e2791381a1a
- Size
  
  344KB
- MD5
  
  e87958551c2818a36b4a6dd38c163ffc
- SHA1
  
  5ee46ef80b43ce3beb39ef1cb2a45fb890fda9bd
- SHA256
  
  fd6077d931028e1dd90fef98a26c091066d545b68f8c0d442da09e2791381a1a
- SHA512
  
  56b4214a44d2cfd08f41169115a388bd28dee26d341ea7cf130a0eba3388644c7d59a888d701f35d07e622677036ecbea056432ada12c6f61002db8fa0d35f40
- SSDEEP
  
  3072:aaP81pkPvgWSc+lzQj5o2MFW4WxwTCoijN1JUlDS63o2mZsT+bAJytC2cC/BSAv1:4iY84A4ax/jN1JUZS9Z92apcClVfuz
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2