gcleaner | 3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a | Triage

Sharing

General

Target

3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
Size

255KB
Sample

240520-swbdksfd85
MD5

12068b3c709689a76e7432ded539ab7c
SHA1

579515827d3db8f7a6c7fda2a3d68274538d7179
SHA256

3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
SHA512

842b4b4adb51a8ba20748bd777cd413cb1f1254ae10f7f372b10374b6afe360e8e1eebf4ffccc524ba5b3d15280d2b408d6bb36f9b6a617c194784ac248697db
SSDEEP

6144:aehwWf8SYTepVWgv2YwRh9SDXgcj36+iMZ40:fhwWf8ApURVhiXgcb6Mq0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
- Size
  
  255KB
- MD5
  
  12068b3c709689a76e7432ded539ab7c
- SHA1
  
  579515827d3db8f7a6c7fda2a3d68274538d7179
- SHA256
  
  3153c3109e15bad00cb9d96580ab612fa553c6c15d248dddbffc3f6f7930639a
- SHA512
  
  842b4b4adb51a8ba20748bd777cd413cb1f1254ae10f7f372b10374b6afe360e8e1eebf4ffccc524ba5b3d15280d2b408d6bb36f9b6a617c194784ac248697db
- SSDEEP
  
  6144:aehwWf8SYTepVWgv2YwRh9SDXgcj36+iMZ40:fhwWf8ApURVhiXgcb6Mq0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2