gcleaner | b3d4190f9c749cbf9167065f8dc91472f27007ade7c98e71f051774ac8547f84 | Triage

Sharing

General

Target

b3d4190f9c749cbf9167065f8dc91472f27007ade7c98e71f051774ac8547f84
Size

267KB
Sample

240522-mfzhksbh4s
MD5

1be12462e949a58fade4de4d9e9bf99e
SHA1

58353d900dc5454ef1a1fdd836654a0f2574bc0a
SHA256

b3d4190f9c749cbf9167065f8dc91472f27007ade7c98e71f051774ac8547f84
SHA512

db9952717e6124772ec18dabe9d7d804e7685aaf087726497bf7e5b7efae90871ea9e6ef67feec5a165cf55e5eadc0a36083025cc619d9040f2c5cb39da82797
SSDEEP

3072:vslawtULtNe6cFUpZs9+jSgiLEKEIWFEoghNaceCbn0X3OuirVv71HhBF+iOqebd:GaJre6oOqzgIFhNWCLiCvpC9qxYY

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  b3d4190f9c749cbf9167065f8dc91472f27007ade7c98e71f051774ac8547f84
- Size
  
  267KB
- MD5
  
  1be12462e949a58fade4de4d9e9bf99e
- SHA1
  
  58353d900dc5454ef1a1fdd836654a0f2574bc0a
- SHA256
  
  b3d4190f9c749cbf9167065f8dc91472f27007ade7c98e71f051774ac8547f84
- SHA512
  
  db9952717e6124772ec18dabe9d7d804e7685aaf087726497bf7e5b7efae90871ea9e6ef67feec5a165cf55e5eadc0a36083025cc619d9040f2c5cb39da82797
- SSDEEP
  
  3072:vslawtULtNe6cFUpZs9+jSgiLEKEIWFEoghNaceCbn0X3OuirVv71HhBF+iOqebd:GaJre6oOqzgIFhNWCLiCvpC9qxYY
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2