gcleaner | a8e670addc2416e691f259146e2eca4e8448911e93f438ac4b23c9b6d46169f6 | Triage

Sharing

General

Target

a8e670addc2416e691f259146e2eca4e8448911e93f438ac4b23c9b6d46169f6
Size

255KB
Sample

240520-p1rdtaca4w
MD5

3c3969cc64c9f17a2fc232bb6adc22f2
SHA1

4a63e6ef037fd3e5ffcc97609258c72ebad88ab0
SHA256

a8e670addc2416e691f259146e2eca4e8448911e93f438ac4b23c9b6d46169f6
SHA512

d573d247c8e6cc287691d7f6c1141b2074aa39fdcbc07f6c4a684307ecc136901b73bcbd0bf9b6e6c418af732bdd1794794253d9d5957f52d67409cb9a9b35a6
SSDEEP

3072:0S9kujIn3OfhxFb+EmBFV8z9AXlJSkIrjw3vNldU11bAS1UyGYNlThZAZ40Ud8:0vktiZpO1Pw3bsZAyUnylThZAZ40

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  a8e670addc2416e691f259146e2eca4e8448911e93f438ac4b23c9b6d46169f6
- Size
  
  255KB
- MD5
  
  3c3969cc64c9f17a2fc232bb6adc22f2
- SHA1
  
  4a63e6ef037fd3e5ffcc97609258c72ebad88ab0
- SHA256
  
  a8e670addc2416e691f259146e2eca4e8448911e93f438ac4b23c9b6d46169f6
- SHA512
  
  d573d247c8e6cc287691d7f6c1141b2074aa39fdcbc07f6c4a684307ecc136901b73bcbd0bf9b6e6c418af732bdd1794794253d9d5957f52d67409cb9a9b35a6
- SSDEEP
  
  3072:0S9kujIn3OfhxFb+EmBFV8z9AXlJSkIrjw3vNldU11bAS1UyGYNlThZAZ40Ud8:0vktiZpO1Pw3bsZAyUnylThZAZ40
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2