gcleaner | 08685f1c124422454dc52cad0d42b68109bd1c4d9c4f56ce67ed1959b4358098 | Triage

Sharing

General

Target

08685f1c124422454dc52cad0d42b68109bd1c4d9c4f56ce67ed1959b4358098
Size

277KB
Sample

240524-fwepsaef87
MD5

39c9ac76013c43e4d824f46780853fef
SHA1

254741f6975cb20e98e212bb9c7b4c8c70bb9241
SHA256

08685f1c124422454dc52cad0d42b68109bd1c4d9c4f56ce67ed1959b4358098
SHA512

ff3ab1f1c693aa1f11f6732292225bf00a5dacf89c73d58ba44c164d7443bf106a077ca74bc3816504a3896e343097194e9bdf65b367854e8d1a3b8d99fcb852
SSDEEP

3072:FuzgfDO5OQCAoDeJbB+OEll5+t5an/RJarFiBmqCx6lIylW0TTudOJ/vNU4O7ufO:jfD6CbqJlAz/Ragkhx6l44aIRNxvf

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  08685f1c124422454dc52cad0d42b68109bd1c4d9c4f56ce67ed1959b4358098
- Size
  
  277KB
- MD5
  
  39c9ac76013c43e4d824f46780853fef
- SHA1
  
  254741f6975cb20e98e212bb9c7b4c8c70bb9241
- SHA256
  
  08685f1c124422454dc52cad0d42b68109bd1c4d9c4f56ce67ed1959b4358098
- SHA512
  
  ff3ab1f1c693aa1f11f6732292225bf00a5dacf89c73d58ba44c164d7443bf106a077ca74bc3816504a3896e343097194e9bdf65b367854e8d1a3b8d99fcb852
- SSDEEP
  
  3072:FuzgfDO5OQCAoDeJbB+OEll5+t5an/RJarFiBmqCx6lIylW0TTudOJ/vNU4O7ufO:jfD6CbqJlAz/Ragkhx6l44aIRNxvf
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2