gcleaner | 949e52604c309f1b31613a103a5c34a39122c46149b88a7416e5019c869d95a8 | Triage

Sharing

General

Target

949e52604c309f1b31613a103a5c34a39122c46149b88a7416e5019c869d95a8
Size

215KB
Sample

240520-esb9tabg4s
MD5

c34241d487804ec9760159a2c79f65fc
SHA1

f616eb58b7e31efc270efb20cc4838676339e885
SHA256

949e52604c309f1b31613a103a5c34a39122c46149b88a7416e5019c869d95a8
SHA512

6fe146990e24620bd84d5ccbc38b35b59e4ebd4339824cf786ff4085e8b45c4f129eed1aaeb594d8f875ac2623785a2e390e17b5f817710a3b5f0b79e07ff23c
SSDEEP

3072:cvcSr8fghX0OSTHOBqP6EDZZYnLBDoVLz5y0EuiUPphLzqCC+9I58:OrGsOTHOg6O/YB0VHM0/nL+jU

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  949e52604c309f1b31613a103a5c34a39122c46149b88a7416e5019c869d95a8
- Size
  
  215KB
- MD5
  
  c34241d487804ec9760159a2c79f65fc
- SHA1
  
  f616eb58b7e31efc270efb20cc4838676339e885
- SHA256
  
  949e52604c309f1b31613a103a5c34a39122c46149b88a7416e5019c869d95a8
- SHA512
  
  6fe146990e24620bd84d5ccbc38b35b59e4ebd4339824cf786ff4085e8b45c4f129eed1aaeb594d8f875ac2623785a2e390e17b5f817710a3b5f0b79e07ff23c
- SSDEEP
  
  3072:cvcSr8fghX0OSTHOBqP6EDZZYnLBDoVLz5y0EuiUPphLzqCC+9I58:OrGsOTHOg6O/YB0VHM0/nL+jU
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2