gcleaner | 04037b5f379cdd8cf9f4bf3983a714e81f0e118402587d6144a2d0ff5a34b50a | Triage

Sharing

General

Target

04037b5f379cdd8cf9f4bf3983a714e81f0e118402587d6144a2d0ff5a34b50a
Size

250KB
Sample

240520-3axd2aag54
MD5

7b920e60e0a91157f785214e15a72c11
SHA1

1a7b0b78df6a533e546bf8b54ee418fdc9a03b2d
SHA256

04037b5f379cdd8cf9f4bf3983a714e81f0e118402587d6144a2d0ff5a34b50a
SHA512

ab7a8394203ae40e9542b596c3c6d500dcb2f0daa93a3d033ab09291f0e3c90f560dd9d48a61832c49485f92de85cb92060899542be038a9a4c2efedb978c3ed
SSDEEP

3072:Ini7ju0gKaTMkgl7SN+DZ/Tx8O2yx5BrExuDHhZYvEbdF8/ykC7tRO1wLiIoqtlx:I4CFv6eNhODx/+urLdF1RjiwUo68T3Y

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  04037b5f379cdd8cf9f4bf3983a714e81f0e118402587d6144a2d0ff5a34b50a
- Size
  
  250KB
- MD5
  
  7b920e60e0a91157f785214e15a72c11
- SHA1
  
  1a7b0b78df6a533e546bf8b54ee418fdc9a03b2d
- SHA256
  
  04037b5f379cdd8cf9f4bf3983a714e81f0e118402587d6144a2d0ff5a34b50a
- SHA512
  
  ab7a8394203ae40e9542b596c3c6d500dcb2f0daa93a3d033ab09291f0e3c90f560dd9d48a61832c49485f92de85cb92060899542be038a9a4c2efedb978c3ed
- SSDEEP
  
  3072:Ini7ju0gKaTMkgl7SN+DZ/Tx8O2yx5BrExuDHhZYvEbdF8/ykC7tRO1wLiIoqtlx:I4CFv6eNhODx/+urLdF1RjiwUo68T3Y
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2