gcleaner | 085ad204e85d66f16ed572a61b5319d90f6047f85da6a42f07eae5229f4c79f5 | Triage

Sharing

General

Target

085ad204e85d66f16ed572a61b5319d90f6047f85da6a42f07eae5229f4c79f5
Size

234KB
Sample

240521-fefkraaa9w
MD5

10ce4f27695a42574059e5fd8b342760
SHA1

fc96ec057a00ccfa5491e40c01bafa1249da59e9
SHA256

085ad204e85d66f16ed572a61b5319d90f6047f85da6a42f07eae5229f4c79f5
SHA512

0e32d8deb124ff86f37bffab0f9a052af6697764e5835938a98331661256a42ba16c702e360ca33980d799414fc5ac87ac62f547ff4d654e58f06e7b04d68b3a
SSDEEP

3072:De4EUm1rm8/JmSHWj3QFO0degWLz6a7w+MvC27uFlX5MvbX:1V4CSHYg4RMrClab

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  085ad204e85d66f16ed572a61b5319d90f6047f85da6a42f07eae5229f4c79f5
- Size
  
  234KB
- MD5
  
  10ce4f27695a42574059e5fd8b342760
- SHA1
  
  fc96ec057a00ccfa5491e40c01bafa1249da59e9
- SHA256
  
  085ad204e85d66f16ed572a61b5319d90f6047f85da6a42f07eae5229f4c79f5
- SHA512
  
  0e32d8deb124ff86f37bffab0f9a052af6697764e5835938a98331661256a42ba16c702e360ca33980d799414fc5ac87ac62f547ff4d654e58f06e7b04d68b3a
- SSDEEP
  
  3072:De4EUm1rm8/JmSHWj3QFO0degWLz6a7w+MvC27uFlX5MvbX:1V4CSHYg4RMrClab
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2