gcleaner | 892b71e58d4877dd51af4ec3252b8b421a0360cbdbc683f038708afa8e20ebe6 | Triage

Sharing

General

Target

892b71e58d4877dd51af4ec3252b8b421a0360cbdbc683f038708afa8e20ebe6
Size

317KB
Sample

240513-lep23shc69
MD5

2872f0a2ad69d402bea8b00c214c1521
SHA1

069e5d291a6a644702564a1746f0408409b086af
SHA256

892b71e58d4877dd51af4ec3252b8b421a0360cbdbc683f038708afa8e20ebe6
SHA512

5593cdd837290bf57d4c8d20ab209a7cb2400f99d322a9709f5e61db0d1cfb55deea47aaf4352d38b13580c2ba86dbd89806942db428179d5bce7bf957ac7c38
SSDEEP

6144:Gb5NBYXsH27h3ff4iTnPTFUMSEVRsuLC:GlNBalLJjPsuO

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  892b71e58d4877dd51af4ec3252b8b421a0360cbdbc683f038708afa8e20ebe6
- Size
  
  317KB
- MD5
  
  2872f0a2ad69d402bea8b00c214c1521
- SHA1
  
  069e5d291a6a644702564a1746f0408409b086af
- SHA256
  
  892b71e58d4877dd51af4ec3252b8b421a0360cbdbc683f038708afa8e20ebe6
- SHA512
  
  5593cdd837290bf57d4c8d20ab209a7cb2400f99d322a9709f5e61db0d1cfb55deea47aaf4352d38b13580c2ba86dbd89806942db428179d5bce7bf957ac7c38
- SSDEEP
  
  6144:Gb5NBYXsH27h3ff4iTnPTFUMSEVRsuLC:GlNBalLJjPsuO
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2