gcleaner | 33cfc7424055a4bdb59e403f9cd5f00f86766a1f385f8d44b405fcbae75da48c | Triage

Sharing

General

Target

33cfc7424055a4bdb59e403f9cd5f00f86766a1f385f8d44b405fcbae75da48c
Size

270KB
Sample

240522-ysy85aef82
MD5

0d7bc4f75ec2bf635a8b0ce7f3b4e009
SHA1

b40e2d30a51a267374cdb2dc9dcc8a962ee5b9c4
SHA256

33cfc7424055a4bdb59e403f9cd5f00f86766a1f385f8d44b405fcbae75da48c
SHA512

59b1b16baef14b08be2811040e62a6b706edebcee188576fe9df9c65e9bd5e98a78eaf0a8d6aef887ed0682a07ebfdb92980dc07993c527b3fbd9c95e441442d
SSDEEP

6144:ToqoKiWrGhDQf8VtT5c0/w5qcGCnyzJneVNGbBCZI:TNhiWr2DHVtT5hY36JeVuBH

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  33cfc7424055a4bdb59e403f9cd5f00f86766a1f385f8d44b405fcbae75da48c
- Size
  
  270KB
- MD5
  
  0d7bc4f75ec2bf635a8b0ce7f3b4e009
- SHA1
  
  b40e2d30a51a267374cdb2dc9dcc8a962ee5b9c4
- SHA256
  
  33cfc7424055a4bdb59e403f9cd5f00f86766a1f385f8d44b405fcbae75da48c
- SHA512
  
  59b1b16baef14b08be2811040e62a6b706edebcee188576fe9df9c65e9bd5e98a78eaf0a8d6aef887ed0682a07ebfdb92980dc07993c527b3fbd9c95e441442d
- SSDEEP
  
  6144:ToqoKiWrGhDQf8VtT5c0/w5qcGCnyzJneVNGbBCZI:TNhiWr2DHVtT5hY36JeVuBH
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2