gcleaner | d9caf6972a0f22528686354f7e994b3853f86661c11c2b804733b967ccca4273 | Triage

Sharing

General

Target

d9caf6972a0f22528686354f7e994b3853f86661c11c2b804733b967ccca4273
Size

283KB
Sample

240520-27ls5aaf65
MD5

1c77ac518b998b4649c9db9115819bf5
SHA1

fcb2b5998bbf741a76df612be91da2959b14f4cd
SHA256

d9caf6972a0f22528686354f7e994b3853f86661c11c2b804733b967ccca4273
SHA512

6cfc6447084fbd9b6877eb3e90f68664a4268dcde6eb68251e7174ea5ad5301f30b7b504d12936f4b818ba334494a901506c4fb7245ec3abadbcfc84eea3a079
SSDEEP

6144:j2O8YDWkNz7jMq7OjoUCMCw6SmWKIeeo61LbPeT3Y:j2OVDWmzUq7OqmFKIIq

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  d9caf6972a0f22528686354f7e994b3853f86661c11c2b804733b967ccca4273
- Size
  
  283KB
- MD5
  
  1c77ac518b998b4649c9db9115819bf5
- SHA1
  
  fcb2b5998bbf741a76df612be91da2959b14f4cd
- SHA256
  
  d9caf6972a0f22528686354f7e994b3853f86661c11c2b804733b967ccca4273
- SHA512
  
  6cfc6447084fbd9b6877eb3e90f68664a4268dcde6eb68251e7174ea5ad5301f30b7b504d12936f4b818ba334494a901506c4fb7245ec3abadbcfc84eea3a079
- SSDEEP
  
  6144:j2O8YDWkNz7jMq7OjoUCMCw6SmWKIeeo61LbPeT3Y:j2OVDWmzUq7OqmFKIIq
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2