gcleaner | 625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d | Triage

Sharing

General

Target

625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d
Size

271KB
Sample

240523-as7y9seg5v
MD5

29a578e9ca5f23457a46957565033ed1
SHA1

045244ff6ab7488196eefbb98e80d7e3d08bcfab
SHA256

625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d
SHA512

8e4c1770383af78e41b44a1ae6e0821b74c27697d52115a7da07b110da48ea7d7689fdec3ca44fcfd236942d6b38e0873efab4f27bba717264ae99d0de666bb3
SSDEEP

3072:qszvEp6yhByoQ2g2Z6+ls2w4NVRQEQBB/p5VPcLJT/am0Az13luQrhRT8UeaFXOu:V3QYo89GgjxTUVr0Az11uARTFeaFhP7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d
- Size
  
  271KB
- MD5
  
  29a578e9ca5f23457a46957565033ed1
- SHA1
  
  045244ff6ab7488196eefbb98e80d7e3d08bcfab
- SHA256
  
  625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d
- SHA512
  
  8e4c1770383af78e41b44a1ae6e0821b74c27697d52115a7da07b110da48ea7d7689fdec3ca44fcfd236942d6b38e0873efab4f27bba717264ae99d0de666bb3
- SSDEEP
  
  3072:qszvEp6yhByoQ2g2Z6+ls2w4NVRQEQBB/p5VPcLJT/am0Az13luQrhRT8UeaFXOu:V3QYo89GgjxTUVr0Az11uARTFeaFhP7
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2