gcleaner | 77f5514a159e816442793a82897ef2e64a6fc4199fc8cc4d535494c1b9cad388 | Triage

Sharing

General

Target

77f5514a159e816442793a82897ef2e64a6fc4199fc8cc4d535494c1b9cad388
Size

277KB
Sample

240524-l44xjadc92
MD5

9bad4b2e33b5f46cd55e649f44f27e90
SHA1

6cfe6ef810f28a4e562e9e36e53fe1dec1dde4e3
SHA256

77f5514a159e816442793a82897ef2e64a6fc4199fc8cc4d535494c1b9cad388
SHA512

251c75fa82aff8902bf52581164a16cb9b9efaf2902eecca7a5b81b7d8d21560594b6e2c0bc272ef72d4a0b4b1bda069fb463dd1d7eaabd5704fa005d4682c89
SSDEEP

6144:xDh9q1Lk0EIqdME2iDpDNSbIEzHyd3hYPOw:xDh92Lk0t1ZQ0JbYw

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  77f5514a159e816442793a82897ef2e64a6fc4199fc8cc4d535494c1b9cad388
- Size
  
  277KB
- MD5
  
  9bad4b2e33b5f46cd55e649f44f27e90
- SHA1
  
  6cfe6ef810f28a4e562e9e36e53fe1dec1dde4e3
- SHA256
  
  77f5514a159e816442793a82897ef2e64a6fc4199fc8cc4d535494c1b9cad388
- SHA512
  
  251c75fa82aff8902bf52581164a16cb9b9efaf2902eecca7a5b81b7d8d21560594b6e2c0bc272ef72d4a0b4b1bda069fb463dd1d7eaabd5704fa005d4682c89
- SSDEEP
  
  6144:xDh9q1Lk0EIqdME2iDpDNSbIEzHyd3hYPOw:xDh92Lk0t1ZQ0JbYw
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2