gcleaner | b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903 | Triage

Sharing

General

Target

b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903
Size

255KB
Sample

240520-k793aadf3v
MD5

7a09006c1fff614757e6ecc56ca83002
SHA1

5eb3103dea1bc25a3f223891bad7d737391b8739
SHA256

b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903
SHA512

1da4abe4a8c1be3f9d95aaeeb503bc079d2c1c0b3c4cf895e1169cc8e4c9a3cd35858131bef15ffe7e9a54f26cda4c51232742c6baef5adc9bc79728834294f1
SSDEEP

6144:PY385ooT0DwnlgcXLJlHdqRq11tPhr1Z40:A385DoDwnmc7JXqRqLdq0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903
- Size
  
  255KB
- MD5
  
  7a09006c1fff614757e6ecc56ca83002
- SHA1
  
  5eb3103dea1bc25a3f223891bad7d737391b8739
- SHA256
  
  b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903
- SHA512
  
  1da4abe4a8c1be3f9d95aaeeb503bc079d2c1c0b3c4cf895e1169cc8e4c9a3cd35858131bef15ffe7e9a54f26cda4c51232742c6baef5adc9bc79728834294f1
- SSDEEP
  
  6144:PY385ooT0DwnlgcXLJlHdqRq11tPhr1Z40:A385DoDwnmc7JXqRqLdq0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2