gcleaner | 3fe8c3ec19eb2e6231d316f84a460558149305d523bbb2c7d8a4eb25cfd03b58 | Triage

Sharing

General

Target

3fe8c3ec19eb2e6231d316f84a460558149305d523bbb2c7d8a4eb25cfd03b58
Size

234KB
Sample

240519-zfw4nsgg82
MD5

60b9b80da7cdf25e17d20237ffab3a0f
SHA1

60388ce98e2dd4774cbf86b555214256677425df
SHA256

3fe8c3ec19eb2e6231d316f84a460558149305d523bbb2c7d8a4eb25cfd03b58
SHA512

5c69f4a85e9c189bfee6072f8026165d734005e53ca5b31e43098eb764939f8f0242bf5e217350a4f8141177d36a4e9321778c57ff3bf6aaea13d68a1d6e816f
SSDEEP

6144:SjY7MH9Pb0DVvRMQsmYbGPS8PHr0cnt2vr:cY7sb0DvMx7mScL0cnk

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3fe8c3ec19eb2e6231d316f84a460558149305d523bbb2c7d8a4eb25cfd03b58
- Size
  
  234KB
- MD5
  
  60b9b80da7cdf25e17d20237ffab3a0f
- SHA1
  
  60388ce98e2dd4774cbf86b555214256677425df
- SHA256
  
  3fe8c3ec19eb2e6231d316f84a460558149305d523bbb2c7d8a4eb25cfd03b58
- SHA512
  
  5c69f4a85e9c189bfee6072f8026165d734005e53ca5b31e43098eb764939f8f0242bf5e217350a4f8141177d36a4e9321778c57ff3bf6aaea13d68a1d6e816f
- SSDEEP
  
  6144:SjY7MH9Pb0DVvRMQsmYbGPS8PHr0cnt2vr:cY7sb0DvMx7mScL0cnk
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2