gcleaner | 6eecccb0f0a0b65fc520c137e2b4dd9d969e1fb41df341095750b0e3ebebaad8 | Triage

Sharing

General

Target

6eecccb0f0a0b65fc520c137e2b4dd9d969e1fb41df341095750b0e3ebebaad8
Size

380KB
Sample

240522-ahymvaee23
MD5

c98b465dcff9411ba3ca035ebc55bfd4
SHA1

f824b8eae510d7740a497f7e776a79e45c04b20b
SHA256

6eecccb0f0a0b65fc520c137e2b4dd9d969e1fb41df341095750b0e3ebebaad8
SHA512

a7c6b9d5413fa3f61db9ccfa642de2655f0c01b5248525816847057fe7bd6ad8f285cd09a79f6e983472cb0f6fd09d3fbacf527f58b4533bc618d818e75fe156
SSDEEP

6144:OOCKlZmp+Uk4OWGdljNHigSpTegb1+fHB:VCKjjUXOFijfg

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  6eecccb0f0a0b65fc520c137e2b4dd9d969e1fb41df341095750b0e3ebebaad8
- Size
  
  380KB
- MD5
  
  c98b465dcff9411ba3ca035ebc55bfd4
- SHA1
  
  f824b8eae510d7740a497f7e776a79e45c04b20b
- SHA256
  
  6eecccb0f0a0b65fc520c137e2b4dd9d969e1fb41df341095750b0e3ebebaad8
- SHA512
  
  a7c6b9d5413fa3f61db9ccfa642de2655f0c01b5248525816847057fe7bd6ad8f285cd09a79f6e983472cb0f6fd09d3fbacf527f58b4533bc618d818e75fe156
- SSDEEP
  
  6144:OOCKlZmp+Uk4OWGdljNHigSpTegb1+fHB:VCKjjUXOFijfg
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2