gcleaner | 78a63438d461feb4bc08815780426f4426776407c09aada3622033d1f6d3c293 | Triage

Sharing

General

Target

78a63438d461feb4bc08815780426f4426776407c09aada3622033d1f6d3c293
Size

357KB
Sample

240523-s3lswsfh81
MD5

a07fb89e0682ebe5081b234c07c26bf2
SHA1

25bddc09e76a4df0a28df2caba22a5a87ca4f0ed
SHA256

78a63438d461feb4bc08815780426f4426776407c09aada3622033d1f6d3c293
SHA512

7e9964f5a6371dadc14d2aeca1d3ed2d19c2938eecf3f0f56fc009b95a70ed069ed12e3a9c546c758a12a36f360980b6d4b8b81c4eede0d05406bc121fd1557d
SSDEEP

3072:e90unpUrdGeRge6a858FrZdUhlMTtYFtHsOWcluJdOjCnXeyQvlN5O2+/xuU9:equpaGeRr6HCFNQqoHwcluzOmnu3Ot

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  78a63438d461feb4bc08815780426f4426776407c09aada3622033d1f6d3c293
- Size
  
  357KB
- MD5
  
  a07fb89e0682ebe5081b234c07c26bf2
- SHA1
  
  25bddc09e76a4df0a28df2caba22a5a87ca4f0ed
- SHA256
  
  78a63438d461feb4bc08815780426f4426776407c09aada3622033d1f6d3c293
- SHA512
  
  7e9964f5a6371dadc14d2aeca1d3ed2d19c2938eecf3f0f56fc009b95a70ed069ed12e3a9c546c758a12a36f360980b6d4b8b81c4eede0d05406bc121fd1557d
- SSDEEP
  
  3072:e90unpUrdGeRge6a858FrZdUhlMTtYFtHsOWcluJdOjCnXeyQvlN5O2+/xuU9:equpaGeRr6HCFNQqoHwcluzOmnu3Ot
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2