gcleaner | 441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92 | Triage

Sharing

General

Target

441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92
Size

270KB
Sample

240522-tspmgagh9v
MD5

2dd4c7105c13ef07fba4aa155e081840
SHA1

e8d328c9e163490b0d22f781bc6fbaa481b97ad7
SHA256

441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92
SHA512

53998bc7f2b227a63a559db41e2587d3e318667e1c9abeed937a10e0661bdfba1d34e70ca543ef45aa8d7311f56047cf483f61b0ed7221bca5245b578090f833
SSDEEP

3072:Es2Fhz52XsaRmJ+w+JkAu/heWp0gaWOsGI7b8nrvD3UD7hLSe8140QYtJqUAsZ/3:WccymjqBW65YGIsnrAX14tOMF

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92
- Size
  
  270KB
- MD5
  
  2dd4c7105c13ef07fba4aa155e081840
- SHA1
  
  e8d328c9e163490b0d22f781bc6fbaa481b97ad7
- SHA256
  
  441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92
- SHA512
  
  53998bc7f2b227a63a559db41e2587d3e318667e1c9abeed937a10e0661bdfba1d34e70ca543ef45aa8d7311f56047cf483f61b0ed7221bca5245b578090f833
- SSDEEP
  
  3072:Es2Fhz52XsaRmJ+w+JkAu/heWp0gaWOsGI7b8nrvD3UD7hLSe8140QYtJqUAsZ/3:WccymjqBW65YGIsnrAX14tOMF
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2