gcleaner | b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2 | Triage

Sharing

General

Target

b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2
Size

254KB
Sample

240520-e5dy6sbg53
MD5

95afdb60ce8d55d2c6951b6ac446ac29
SHA1

1159603632c1fac14757334e0815f39fb9aab21d
SHA256

b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2
SHA512

3c5e30f2d987b4e1060bb757ae57e6f6dfd4fadc6d9dc4e2371931bbb8d89fda4f0c2158c77f956c3df403471f1e8af2cf4ce290795564cda4e43ea82c6d37c9
SSDEEP

3072:t8JOtnYpqla9sPt3+OnoRmg59WF8jY90v3CbmpXupTquyAEJxtMjaE+Z40UUW:tVnyGzh9KPFlDn+jaE+Z40

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2
- Size
  
  254KB
- MD5
  
  95afdb60ce8d55d2c6951b6ac446ac29
- SHA1
  
  1159603632c1fac14757334e0815f39fb9aab21d
- SHA256
  
  b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2
- SHA512
  
  3c5e30f2d987b4e1060bb757ae57e6f6dfd4fadc6d9dc4e2371931bbb8d89fda4f0c2158c77f956c3df403471f1e8af2cf4ce290795564cda4e43ea82c6d37c9
- SSDEEP
  
  3072:t8JOtnYpqla9sPt3+OnoRmg59WF8jY90v3CbmpXupTquyAEJxtMjaE+Z40UUW:tVnyGzh9KPFlDn+jaE+Z40
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2