gcleaner | e0fa2dad2f6260cd87cffc06b7c5d71eaeb0c32ae9b8504d55e093e3439c0be5 | Triage

Sharing

General

Target

e0fa2dad2f6260cd87cffc06b7c5d71eaeb0c32ae9b8504d55e093e3439c0be5
Size

288KB
Sample

240520-h8dz5aab51
MD5

3086fc47b4190ec7360d60d6d4ff1bda
SHA1

64372c56e3bc982b11c0dcf42c94ad413bc76ff7
SHA256

e0fa2dad2f6260cd87cffc06b7c5d71eaeb0c32ae9b8504d55e093e3439c0be5
SHA512

8c25a5ce9ec59870b7a423247329c7dadf159216b92bc4e93b1738bdcf71c2529dbb19042098874550c894c86f0c03a60e02b2b482bfdbc802ead3a0cf6608d3
SSDEEP

3072:LOJV53XgJZ6sO6j+znXlgQm5mn+ZQnmP2nbn/s+CO90Y7ysZ1w5FFN+qR8uibMFg:LJ5anvmqn/sWW40N+qPiAFaskIOZ40

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  e0fa2dad2f6260cd87cffc06b7c5d71eaeb0c32ae9b8504d55e093e3439c0be5
- Size
  
  288KB
- MD5
  
  3086fc47b4190ec7360d60d6d4ff1bda
- SHA1
  
  64372c56e3bc982b11c0dcf42c94ad413bc76ff7
- SHA256
  
  e0fa2dad2f6260cd87cffc06b7c5d71eaeb0c32ae9b8504d55e093e3439c0be5
- SHA512
  
  8c25a5ce9ec59870b7a423247329c7dadf159216b92bc4e93b1738bdcf71c2529dbb19042098874550c894c86f0c03a60e02b2b482bfdbc802ead3a0cf6608d3
- SSDEEP
  
  3072:LOJV53XgJZ6sO6j+znXlgQm5mn+ZQnmP2nbn/s+CO90Y7ysZ1w5FFN+qR8uibMFg:LJ5anvmqn/sWW40N+qPiAFaskIOZ40
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2