gcleaner | f390a307ea02b0e54695191809c7ccfb297fe439b9a9c63976b39611cb5eba3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f390a307ea02b0e54695191809c7ccfb297fe439b9a9c63976b39611cb5eba3b
Size

270KB
Sample

240517-l5wmjsda21
MD5

3ff5a8b94ba2d2e53d23ecd98ba72dc3
SHA1

18039ee80c70098096cd47cf2c005872848642a2
SHA256

f390a307ea02b0e54695191809c7ccfb297fe439b9a9c63976b39611cb5eba3b
SHA512

e78dbac5e9c828dc2148e6b14aa3a3ac51d21a2894fb6b3b7bc70af6544e5c03fae895494b4901be1d2181d3d43f9c9d741d94b4226b69565160be1d0b8f3b07
SSDEEP

3072:g9+qKi+XkBq0kYppDfKOOXPM8YiCScTk9VqC25oPgUmXi/Rx:fqm0TpVEXXDrcQK+Yro

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  f390a307ea02b0e54695191809c7ccfb297fe439b9a9c63976b39611cb5eba3b
- Size
  
  270KB
- MD5
  
  3ff5a8b94ba2d2e53d23ecd98ba72dc3
- SHA1
  
  18039ee80c70098096cd47cf2c005872848642a2
- SHA256
  
  f390a307ea02b0e54695191809c7ccfb297fe439b9a9c63976b39611cb5eba3b
- SHA512
  
  e78dbac5e9c828dc2148e6b14aa3a3ac51d21a2894fb6b3b7bc70af6544e5c03fae895494b4901be1d2181d3d43f9c9d741d94b4226b69565160be1d0b8f3b07
- SSDEEP
  
  3072:g9+qKi+XkBq0kYppDfKOOXPM8YiCScTk9VqC25oPgUmXi/Rx:fqm0TpVEXXDrcQK+Yro
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2