gcleaner | 7d16d748b50b96af9463f72ffb4646dad6d0b399b150e42bdd2542e2cc014dbd | Triage

Sharing

General

Target

7d16d748b50b96af9463f72ffb4646dad6d0b399b150e42bdd2542e2cc014dbd
Size

360KB
Sample

240521-qlm9aafc59
MD5

b725adf3244f06223c69c991617546a5
SHA1

50baac6054c0dd4ecdfc52953555116c2d1a19fe
SHA256

7d16d748b50b96af9463f72ffb4646dad6d0b399b150e42bdd2542e2cc014dbd
SHA512

c687aa509224bc68835c066dc1f627f15b090d8a35d3f0872d97148cb5d793a2ec127778167254058883e4c9854500d362a94229276f26fd49802f7e7e818d4a
SSDEEP

3072:+1sIm5FmI9FtoEueykAS5H4vukzXBsS6KHi1ynwNwjcFAk02wE5YS6p7HBy:Ks/5RFOGAvrm+iEwNwjcFAk0jlB

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  7d16d748b50b96af9463f72ffb4646dad6d0b399b150e42bdd2542e2cc014dbd
- Size
  
  360KB
- MD5
  
  b725adf3244f06223c69c991617546a5
- SHA1
  
  50baac6054c0dd4ecdfc52953555116c2d1a19fe
- SHA256
  
  7d16d748b50b96af9463f72ffb4646dad6d0b399b150e42bdd2542e2cc014dbd
- SHA512
  
  c687aa509224bc68835c066dc1f627f15b090d8a35d3f0872d97148cb5d793a2ec127778167254058883e4c9854500d362a94229276f26fd49802f7e7e818d4a
- SSDEEP
  
  3072:+1sIm5FmI9FtoEueykAS5H4vukzXBsS6KHi1ynwNwjcFAk02wE5YS6p7HBy:Ks/5RFOGAvrm+iEwNwjcFAk0jlB
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2