gcleaner | e8861db5a72c3d6b325c38374814b043db31dec82641b4d2b1f2903fad1cfefe | Triage

Sharing

General

Target

e8861db5a72c3d6b325c38374814b043db31dec82641b4d2b1f2903fad1cfefe
Size

262KB
Sample

240515-wmksfacg63
MD5

bf07b425cceca0a2080af4b7527328e8
SHA1

d9eb9b98498e9a302069032bc390b62a2c339d2b
SHA256

e8861db5a72c3d6b325c38374814b043db31dec82641b4d2b1f2903fad1cfefe
SHA512

b488277e1da4492d68dbad9289104debf9bffa0c75d0624a951133410502dd0b43f11ee7c4d4805d668b07954007cc61d3aad83a3a7fb371ae0ea0a62b4c9c3b
SSDEEP

3072:ktVLOQJGf7tjHczMPAPKAx3y0TGqWkFN6M5nVO1jtd:GpGRUMPUaqVDTqL

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  e8861db5a72c3d6b325c38374814b043db31dec82641b4d2b1f2903fad1cfefe
- Size
  
  262KB
- MD5
  
  bf07b425cceca0a2080af4b7527328e8
- SHA1
  
  d9eb9b98498e9a302069032bc390b62a2c339d2b
- SHA256
  
  e8861db5a72c3d6b325c38374814b043db31dec82641b4d2b1f2903fad1cfefe
- SHA512
  
  b488277e1da4492d68dbad9289104debf9bffa0c75d0624a951133410502dd0b43f11ee7c4d4805d668b07954007cc61d3aad83a3a7fb371ae0ea0a62b4c9c3b
- SSDEEP
  
  3072:ktVLOQJGf7tjHczMPAPKAx3y0TGqWkFN6M5nVO1jtd:GpGRUMPUaqVDTqL
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2