gcleaner | a687c9797742a530c9ceb0749a408fa7d1248ca9bc8d44f49c30bbdf98841356 | Triage

Sharing

General

Target

a687c9797742a530c9ceb0749a408fa7d1248ca9bc8d44f49c30bbdf98841356
Size

287KB
Sample

240520-pw8sasbb84
MD5

07fb5ea5634bac4b19ea838e43710647
SHA1

51b00e580933da1666c6a7e37a3100bc7981f287
SHA256

a687c9797742a530c9ceb0749a408fa7d1248ca9bc8d44f49c30bbdf98841356
SHA512

f558c16fc40d0e8de949115aa19fd587b3b566ed67a0345de43862c61d0631bafb9d7f77a1a295898a654db6aec9ee1c1570d10522f9b3e69142a52eb80b2f8c
SSDEEP

6144:XxXHmOJ840xUW10pEMmhpOj48UGdPZ40:BXHmOOUtiMQSZjq0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  a687c9797742a530c9ceb0749a408fa7d1248ca9bc8d44f49c30bbdf98841356
- Size
  
  287KB
- MD5
  
  07fb5ea5634bac4b19ea838e43710647
- SHA1
  
  51b00e580933da1666c6a7e37a3100bc7981f287
- SHA256
  
  a687c9797742a530c9ceb0749a408fa7d1248ca9bc8d44f49c30bbdf98841356
- SHA512
  
  f558c16fc40d0e8de949115aa19fd587b3b566ed67a0345de43862c61d0631bafb9d7f77a1a295898a654db6aec9ee1c1570d10522f9b3e69142a52eb80b2f8c
- SSDEEP
  
  6144:XxXHmOJ840xUW10pEMmhpOj48UGdPZ40:BXHmOOUtiMQSZjq0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2