gcleaner | 5f42e5bdef951ece973249376de8b01d250ad5cf075fbc8b578576a6321cf573 | Triage

Sharing

General

Target

5f42e5bdef951ece973249376de8b01d250ad5cf075fbc8b578576a6321cf573
Size

262KB
Sample

240522-lmtp8sba2t
MD5

635e01e3fd27ac5c8a4a00c44664af6f
SHA1

44d9e1f9f891822dc8987b51fbe2688ecaeeca0b
SHA256

5f42e5bdef951ece973249376de8b01d250ad5cf075fbc8b578576a6321cf573
SHA512

b3ea21309b25706a26fa8b6da7d8bfddba95724a707d27b2461979dd4e489b5de157dc3b21258c696dee2fc015591a413473edaf6c110333e11b8757f2417f0a
SSDEEP

6144:OGyMSj0l99zKx1N4XNS0ytlWB6t82wC1QilY:OGyrj0f9zKvcw0wlWM82wC9

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  5f42e5bdef951ece973249376de8b01d250ad5cf075fbc8b578576a6321cf573
- Size
  
  262KB
- MD5
  
  635e01e3fd27ac5c8a4a00c44664af6f
- SHA1
  
  44d9e1f9f891822dc8987b51fbe2688ecaeeca0b
- SHA256
  
  5f42e5bdef951ece973249376de8b01d250ad5cf075fbc8b578576a6321cf573
- SHA512
  
  b3ea21309b25706a26fa8b6da7d8bfddba95724a707d27b2461979dd4e489b5de157dc3b21258c696dee2fc015591a413473edaf6c110333e11b8757f2417f0a
- SSDEEP
  
  6144:OGyMSj0l99zKx1N4XNS0ytlWB6t82wC1QilY:OGyrj0f9zKvcw0wlWM82wC9
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2