gcleaner | 0e4cdfa6fe6a39add920d243f7a5c0313d8278db5c23b5b851c44d958b3edb88 | Triage

Sharing

General

Target

0e4cdfa6fe6a39add920d243f7a5c0313d8278db5c23b5b851c44d958b3edb88
Size

269KB
Sample

240521-pfmj5add7s
MD5

12e153367bb1836dc2a62615abc29764
SHA1

f884664281bc87b8a48b76e57da39e2f15547dce
SHA256

0e4cdfa6fe6a39add920d243f7a5c0313d8278db5c23b5b851c44d958b3edb88
SHA512

44d5af02eb3849da3b5c5a13b09737ca70019e0b1130dba2f639c3ed8d685b5d893d58df692f0a40f376f26c9397959c2e261f87cfbf05361c5cd7de4f4267a5
SSDEEP

3072:N5PhlEhZrqjKNNTJjOVrVj2PQXyyhWpNNAeDzWmklG3ITKRRda58Ueq:NZhKZrtNaVLXyy8NNZDklyhR

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  0e4cdfa6fe6a39add920d243f7a5c0313d8278db5c23b5b851c44d958b3edb88
- Size
  
  269KB
- MD5
  
  12e153367bb1836dc2a62615abc29764
- SHA1
  
  f884664281bc87b8a48b76e57da39e2f15547dce
- SHA256
  
  0e4cdfa6fe6a39add920d243f7a5c0313d8278db5c23b5b851c44d958b3edb88
- SHA512
  
  44d5af02eb3849da3b5c5a13b09737ca70019e0b1130dba2f639c3ed8d685b5d893d58df692f0a40f376f26c9397959c2e261f87cfbf05361c5cd7de4f4267a5
- SSDEEP
  
  3072:N5PhlEhZrqjKNNTJjOVrVj2PQXyyhWpNNAeDzWmklG3ITKRRda58Ueq:NZhKZrtNaVLXyy8NNZDklyhR
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2