gcleaner | b5aa79176608e720e13929625256b2c78692d178ceb596568fde11aefda566ff | Triage

Sharing

General

Target

b5aa79176608e720e13929625256b2c78692d178ceb596568fde11aefda566ff
Size

367KB
Sample

240523-fe4btaec77
MD5

bff6423740c8b46aab327108a05c2753
SHA1

167b1a96867aadfaee6093d89dcdf095745339c6
SHA256

b5aa79176608e720e13929625256b2c78692d178ceb596568fde11aefda566ff
SHA512

b24ca5f68c96543e41f02566cc8e826cf4d756cbcf896947cf47dd4d5841ec50f760c3962a80f96de3826988c14ec274a9c021b22ecbc37ce0bc1f36cd16c452
SSDEEP

3072:1LjTho9/yTx0aB2LkTkLta8GRpd7hSGnAmt3bUFLsVR/p9pGu5cyIlU0:1LjThwQxZ2Lkg5mrNSUq+p96s

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  b5aa79176608e720e13929625256b2c78692d178ceb596568fde11aefda566ff
- Size
  
  367KB
- MD5
  
  bff6423740c8b46aab327108a05c2753
- SHA1
  
  167b1a96867aadfaee6093d89dcdf095745339c6
- SHA256
  
  b5aa79176608e720e13929625256b2c78692d178ceb596568fde11aefda566ff
- SHA512
  
  b24ca5f68c96543e41f02566cc8e826cf4d756cbcf896947cf47dd4d5841ec50f760c3962a80f96de3826988c14ec274a9c021b22ecbc37ce0bc1f36cd16c452
- SSDEEP
  
  3072:1LjTho9/yTx0aB2LkTkLta8GRpd7hSGnAmt3bUFLsVR/p9pGu5cyIlU0:1LjThwQxZ2Lkg5mrNSUq+p96s
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2