gcleaner | fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861 | Triage

Sharing

General

Target

fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861
Size

251KB
Sample

240514-3cs5dsde6w
MD5

cfa4a6a0f53745a8da3ebf200e704467
SHA1

3107c8abda139b890d4b98f27ddc41a0f3034ff4
SHA256

fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861
SHA512

84eadd94e267003b42f9f12d96bc712e9757698c4521b7107530834a69e14b49d44b2019d3f5b9a549ece15208a92159347a96863dce2713d7489958d3407361
SSDEEP

3072:UGRP4dODEy9Sj0rwwn9+3BgHRgvbhRAjmk+XxS9+d3ODbQsMx9N9p1nCdwst2j2C:SS3ck79hqbhRAmVxSsg4suN9vC32CmY

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861
- Size
  
  251KB
- MD5
  
  cfa4a6a0f53745a8da3ebf200e704467
- SHA1
  
  3107c8abda139b890d4b98f27ddc41a0f3034ff4
- SHA256
  
  fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861
- SHA512
  
  84eadd94e267003b42f9f12d96bc712e9757698c4521b7107530834a69e14b49d44b2019d3f5b9a549ece15208a92159347a96863dce2713d7489958d3407361
- SSDEEP
  
  3072:UGRP4dODEy9Sj0rwwn9+3BgHRgvbhRAjmk+XxS9+d3ODbQsMx9N9p1nCdwst2j2C:SS3ck79hqbhRAmVxSsg4suN9vC32CmY
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2