gcleaner | b414918e358404e72e4d6ffd4d0c37464f0afd5b0a812da729f82d9408f6c647 | Triage

Sharing

General

Target

b414918e358404e72e4d6ffd4d0c37464f0afd5b0a812da729f82d9408f6c647
Size

234KB
Sample

240521-j2ztpaea62
MD5

4664f815119fa1a29d5668abef3cb7b6
SHA1

301b7fde9189d01ef1bb26287149aa0d819aab81
SHA256

b414918e358404e72e4d6ffd4d0c37464f0afd5b0a812da729f82d9408f6c647
SHA512

989cb7ebc581da3e13511032edee76960ea089846ed860a4a35fafc588f18eefb7c93fd0eae3e826c550981de5a79b121ccaac0dce1e0844b91f1ea50960272b
SSDEEP

3072:DPrXpLardBoUvKcdzB0+Pr0Bk4xgOcGLWA5MdlkU:X5WxBogrrJugiK

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  b414918e358404e72e4d6ffd4d0c37464f0afd5b0a812da729f82d9408f6c647
- Size
  
  234KB
- MD5
  
  4664f815119fa1a29d5668abef3cb7b6
- SHA1
  
  301b7fde9189d01ef1bb26287149aa0d819aab81
- SHA256
  
  b414918e358404e72e4d6ffd4d0c37464f0afd5b0a812da729f82d9408f6c647
- SHA512
  
  989cb7ebc581da3e13511032edee76960ea089846ed860a4a35fafc588f18eefb7c93fd0eae3e826c550981de5a79b121ccaac0dce1e0844b91f1ea50960272b
- SSDEEP
  
  3072:DPrXpLardBoUvKcdzB0+Pr0Bk4xgOcGLWA5MdlkU:X5WxBogrrJugiK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2