gcleaner | 81ff24729e0f30bc4d82c78b4f004b36a3af841bdb8e8e8d98878ea7badded17 | Triage

Sharing

General

Target

81ff24729e0f30bc4d82c78b4f004b36a3af841bdb8e8e8d98878ea7badded17
Size

288KB
Sample

240520-k4qt8sdd5t
MD5

d40b168ab9d25d52e91f20dbf283a162
SHA1

863f9c0b44663557491ca689c4e2903d6943bd42
SHA256

81ff24729e0f30bc4d82c78b4f004b36a3af841bdb8e8e8d98878ea7badded17
SHA512

ed4fba4db33b795fc5b4bfbc676643c7259a8f9a3645c9af72406c0fabfc5383cac8ec406a46cee7692a7af13786afead94f23162bb861e83a3bdce07441c800
SSDEEP

3072:1fJK/2u70bPua1yBj+2nvlApmRqMHYL8VO6Gvqo3eMwc89M/V8iHpcCHoNbmUoZ9:1ozLD0hOYLmO6C5l8O/CiJemUoSyZ40

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  81ff24729e0f30bc4d82c78b4f004b36a3af841bdb8e8e8d98878ea7badded17
- Size
  
  288KB
- MD5
  
  d40b168ab9d25d52e91f20dbf283a162
- SHA1
  
  863f9c0b44663557491ca689c4e2903d6943bd42
- SHA256
  
  81ff24729e0f30bc4d82c78b4f004b36a3af841bdb8e8e8d98878ea7badded17
- SHA512
  
  ed4fba4db33b795fc5b4bfbc676643c7259a8f9a3645c9af72406c0fabfc5383cac8ec406a46cee7692a7af13786afead94f23162bb861e83a3bdce07441c800
- SSDEEP
  
  3072:1fJK/2u70bPua1yBj+2nvlApmRqMHYL8VO6Gvqo3eMwc89M/V8iHpcCHoNbmUoZ9:1ozLD0hOYLmO6C5l8O/CiJemUoSyZ40
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2