gcleaner | d254fdb0150a5b6a1f6752c02caac29d3296b89be9889dd40a23c926f9404d04 | Triage

Sharing

General

Target

d254fdb0150a5b6a1f6752c02caac29d3296b89be9889dd40a23c926f9404d04
Size

288KB
Sample

240520-ferysada3t
MD5

5f3ee1dee70230db19a3633a70de74af
SHA1

8446c78725ab83307d39d8653e36ffb044d73411
SHA256

d254fdb0150a5b6a1f6752c02caac29d3296b89be9889dd40a23c926f9404d04
SHA512

dd57e732aa2523348f6ccaebe14121f6c726246e6639dd6faf661d75f73cc6e0abe8cbf917429b3a281c5c22d1202f2bfd0ef065f9e4254e8a34ee233cf91cf5
SSDEEP

3072:JsJ0ENN8iC97Oj5+enWDxKJL0vzhCLCg8mzyvjK7nqoviBvM2C8EvcF2IAJjXa2S:JYa8FYvdICwzyLYn6D2IYTjz1Z40

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  d254fdb0150a5b6a1f6752c02caac29d3296b89be9889dd40a23c926f9404d04
- Size
  
  288KB
- MD5
  
  5f3ee1dee70230db19a3633a70de74af
- SHA1
  
  8446c78725ab83307d39d8653e36ffb044d73411
- SHA256
  
  d254fdb0150a5b6a1f6752c02caac29d3296b89be9889dd40a23c926f9404d04
- SHA512
  
  dd57e732aa2523348f6ccaebe14121f6c726246e6639dd6faf661d75f73cc6e0abe8cbf917429b3a281c5c22d1202f2bfd0ef065f9e4254e8a34ee233cf91cf5
- SSDEEP
  
  3072:JsJ0ENN8iC97Oj5+enWDxKJL0vzhCLCg8mzyvjK7nqoviBvM2C8EvcF2IAJjXa2S:JYa8FYvdICwzyLYn6D2IYTjz1Z40
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2