gcleaner | 7375fcee184168a79edd22befa6bd9132921b7a1a22d77083bb94c40c435481a | Triage

Sharing

General

Target

7375fcee184168a79edd22befa6bd9132921b7a1a22d77083bb94c40c435481a
Size

235KB
Sample

240521-lrr27sgh48
MD5

fd424e2af4c5bcb272ba646f73a41820
SHA1

f8965d7d33b65633451f3392d05da55b9911eae5
SHA256

7375fcee184168a79edd22befa6bd9132921b7a1a22d77083bb94c40c435481a
SHA512

e87720b4ab8ae6be72e51a642528b5003c33ecb0ac83c23ab4bdc01ecd894d026855f1ba931263ffe42a8f895c52182a4437e3066c253e494286de18e109c6a9
SSDEEP

3072:EzlRxeGLK5zOTYbrYIXT58rXxcpoBlqyyjhdlqxKReabc6XlDPl50zn:cce9TuTTWDr1yFPRU16Xlw

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  7375fcee184168a79edd22befa6bd9132921b7a1a22d77083bb94c40c435481a
- Size
  
  235KB
- MD5
  
  fd424e2af4c5bcb272ba646f73a41820
- SHA1
  
  f8965d7d33b65633451f3392d05da55b9911eae5
- SHA256
  
  7375fcee184168a79edd22befa6bd9132921b7a1a22d77083bb94c40c435481a
- SHA512
  
  e87720b4ab8ae6be72e51a642528b5003c33ecb0ac83c23ab4bdc01ecd894d026855f1ba931263ffe42a8f895c52182a4437e3066c253e494286de18e109c6a9
- SSDEEP
  
  3072:EzlRxeGLK5zOTYbrYIXT58rXxcpoBlqyyjhdlqxKReabc6XlDPl50zn:cce9TuTTWDr1yFPRU16Xlw
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2