gcleaner | 1c9771c3735634b732c6eeecd82ad610825f574a97f7823bbf9fe43a918fa79b | Triage

Sharing

General

Target

1c9771c3735634b732c6eeecd82ad610825f574a97f7823bbf9fe43a918fa79b
Size

229KB
Sample

240520-3pqvssbh2s
MD5

4a13730c7eb6bdc60ca85dc1ea8ef7e3
SHA1

668cbafab52b9e64eca74daa58df0466ecdbde2b
SHA256

1c9771c3735634b732c6eeecd82ad610825f574a97f7823bbf9fe43a918fa79b
SHA512

263d9dca71f0fed48ca26f76fd2000f3392ed49583ea3f29a4c14cf8c76f4565df0f4d3a585611c3cd54e72cccfae0f6b5e87654bf9cf321b7907031b2319f6a
SSDEEP

3072:LjBcWuMsx5zq+Is6Uzrni/5YJaTNH49WoZyfiLj33OrZ7xM2dZ+0c22CSWLYS:Lq1LQ4e/5YQO9EiWrHM2dZ+l22F0Y

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  1c9771c3735634b732c6eeecd82ad610825f574a97f7823bbf9fe43a918fa79b
- Size
  
  229KB
- MD5
  
  4a13730c7eb6bdc60ca85dc1ea8ef7e3
- SHA1
  
  668cbafab52b9e64eca74daa58df0466ecdbde2b
- SHA256
  
  1c9771c3735634b732c6eeecd82ad610825f574a97f7823bbf9fe43a918fa79b
- SHA512
  
  263d9dca71f0fed48ca26f76fd2000f3392ed49583ea3f29a4c14cf8c76f4565df0f4d3a585611c3cd54e72cccfae0f6b5e87654bf9cf321b7907031b2319f6a
- SSDEEP
  
  3072:LjBcWuMsx5zq+Is6Uzrni/5YJaTNH49WoZyfiLj33OrZ7xM2dZ+0c22CSWLYS:Lq1LQ4e/5YQO9EiWrHM2dZ+l22F0Y
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2