gcleaner | 8ab190bb6cddac39cd82628ab7ab69f923ab0e4d790616cdb1ebdf3e2f93ef52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ab190bb6cddac39cd82628ab7ab69f923ab0e4d790616cdb1ebdf3e2f93ef52
Size

295KB
Sample

240515-2rw9xsgd39
MD5

20d76b1f3070c072dbeb0808ffbc3796
SHA1

157b6edc5f20d11cfd61c0ea0da75de568ed9774
SHA256

8ab190bb6cddac39cd82628ab7ab69f923ab0e4d790616cdb1ebdf3e2f93ef52
SHA512

51447fe512998b5bcfbb09e02021690ecdc6e420a2529690b0b129505a7b02eb838b86e428fb3268285fc79a46c85e386aeebac2f102dfc27b18000966ae30a7
SSDEEP

3072:Te0tHffP8JSm0Mbk57FUEqTpwLPYaGJiTeHcRcoXbzI3Srs5EW526yG1jtd:i8XPr5CEqTpQApiK8RdbzI3SanL

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Targets

- Target
  
  8ab190bb6cddac39cd82628ab7ab69f923ab0e4d790616cdb1ebdf3e2f93ef52
- Size
  
  295KB
- MD5
  
  20d76b1f3070c072dbeb0808ffbc3796
- SHA1
  
  157b6edc5f20d11cfd61c0ea0da75de568ed9774
- SHA256
  
  8ab190bb6cddac39cd82628ab7ab69f923ab0e4d790616cdb1ebdf3e2f93ef52
- SHA512
  
  51447fe512998b5bcfbb09e02021690ecdc6e420a2529690b0b129505a7b02eb838b86e428fb3268285fc79a46c85e386aeebac2f102dfc27b18000966ae30a7
- SSDEEP
  
  3072:Te0tHffP8JSm0Mbk57FUEqTpwLPYaGJiTeHcRcoXbzI3Srs5EW526yG1jtd:i8XPr5CEqTpQApiK8RdbzI3SanL
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2