gcleaner | 8bff409b5f2000f575688a87638b98d592c134b5846761357457a93680de35f8 | Triage

Sharing

General

Target

8bff409b5f2000f575688a87638b98d592c134b5846761357457a93680de35f8
Size

269KB
Sample

240521-s2sj2saf9z
MD5

1d02dbc7a19497a739f8db843b42bd15
SHA1

1376cf6fc76aaed204dd9abb4f85b3e43c093bef
SHA256

8bff409b5f2000f575688a87638b98d592c134b5846761357457a93680de35f8
SHA512

5da4137095a72d6557952591840debe07e84579101132d3e2affb4fb7defb71142603ae27995e22b449413fa5a5019e4f3dcfa998caded0b37aa3a28a03f8654
SSDEEP

3072:2lV142hxL8V3SuBboz7sPkhAbrHOGx0Xzmk/ujR8VE9blkWx8GiW5tsEX:2lQ2rSM7iGAbinvuN0E9gL

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  8bff409b5f2000f575688a87638b98d592c134b5846761357457a93680de35f8
- Size
  
  269KB
- MD5
  
  1d02dbc7a19497a739f8db843b42bd15
- SHA1
  
  1376cf6fc76aaed204dd9abb4f85b3e43c093bef
- SHA256
  
  8bff409b5f2000f575688a87638b98d592c134b5846761357457a93680de35f8
- SHA512
  
  5da4137095a72d6557952591840debe07e84579101132d3e2affb4fb7defb71142603ae27995e22b449413fa5a5019e4f3dcfa998caded0b37aa3a28a03f8654
- SSDEEP
  
  3072:2lV142hxL8V3SuBboz7sPkhAbrHOGx0Xzmk/ujR8VE9blkWx8GiW5tsEX:2lQ2rSM7iGAbinvuN0E9gL
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2