gcleaner | 93b414544b8272c9e6d42921eef3906e214d8c61e4376738fdebb47b71cc60a9 | Triage

Sharing

General

Target

93b414544b8272c9e6d42921eef3906e214d8c61e4376738fdebb47b71cc60a9
Size

278KB
Sample

240524-pq4w6aca7x
MD5

2b7e835371403862a120eb71dbd3ff9d
SHA1

49030ff4f94ad8b5ce916848bbbc43d4225e8503
SHA256

93b414544b8272c9e6d42921eef3906e214d8c61e4376738fdebb47b71cc60a9
SHA512

ea93a523135c15bc0925ec2be4ce392adc0a9c0344885b6f31bfc97fbc77a46e6cd12826625bf82e93a14533969512f8bc4e06da78c3d7a07e2891fd0150ab1d
SSDEEP

6144:QXhbmsQbp6vrfg6Y0PP4KnFR3NQfmzRW:QXhblQbp6vDg3CP4KnHNo

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  93b414544b8272c9e6d42921eef3906e214d8c61e4376738fdebb47b71cc60a9
- Size
  
  278KB
- MD5
  
  2b7e835371403862a120eb71dbd3ff9d
- SHA1
  
  49030ff4f94ad8b5ce916848bbbc43d4225e8503
- SHA256
  
  93b414544b8272c9e6d42921eef3906e214d8c61e4376738fdebb47b71cc60a9
- SHA512
  
  ea93a523135c15bc0925ec2be4ce392adc0a9c0344885b6f31bfc97fbc77a46e6cd12826625bf82e93a14533969512f8bc4e06da78c3d7a07e2891fd0150ab1d
- SSDEEP
  
  6144:QXhbmsQbp6vrfg6Y0PP4KnFR3NQfmzRW:QXhblQbp6vDg3CP4KnHNo
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2