gcleaner | 3abd54be7c96b8f42d6bec2a62d174de538a404a1dcc07cdd02e5035518c2de1 | Triage

Sharing

General

Target

3abd54be7c96b8f42d6bec2a62d174de538a404a1dcc07cdd02e5035518c2de1
Size

276KB
Sample

240524-yh1dfahc47
MD5

2bc0a14889b50348187bb816a36725e8
SHA1

e7518022d51f9cca15a92a2f9bd4021773315a63
SHA256

3abd54be7c96b8f42d6bec2a62d174de538a404a1dcc07cdd02e5035518c2de1
SHA512

9551be263b6b3eb62e7392e78cb374b86ce56387dd1080e51335f5adcb2f1def26b7062ec61b33953df3e31672b59cc3fc8b257cb7aa8a5b5272d739670712a3
SSDEEP

3072:ZuGnnMlToA3ahjY3T+iMkS2lL7EMyTfqeVQph9+DwiCy+2+Pi/Y6HgltBhkONwwB:rnM9qJigg7E3LYb9Hi42qi/Alq8

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  3abd54be7c96b8f42d6bec2a62d174de538a404a1dcc07cdd02e5035518c2de1
- Size
  
  276KB
- MD5
  
  2bc0a14889b50348187bb816a36725e8
- SHA1
  
  e7518022d51f9cca15a92a2f9bd4021773315a63
- SHA256
  
  3abd54be7c96b8f42d6bec2a62d174de538a404a1dcc07cdd02e5035518c2de1
- SHA512
  
  9551be263b6b3eb62e7392e78cb374b86ce56387dd1080e51335f5adcb2f1def26b7062ec61b33953df3e31672b59cc3fc8b257cb7aa8a5b5272d739670712a3
- SSDEEP
  
  3072:ZuGnnMlToA3ahjY3T+iMkS2lL7EMyTfqeVQph9+DwiCy+2+Pi/Y6HgltBhkONwwB:rnM9qJigg7E3LYb9Hi42qi/Alq8
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2