gcleaner | ed78b55c8100789d04ea0bc74342778ba82a3943904f6e441b6c53b4fc99299c | Triage

Sharing

General

Target

ed78b55c8100789d04ea0bc74342778ba82a3943904f6e441b6c53b4fc99299c
Size

331KB
Sample

240525-f91t6sga58
MD5

31136745ef22d3b72aee0d61214f7cbf
SHA1

09e60cea6d80a474f54e963dce1a8649c63c4a0a
SHA256

ed78b55c8100789d04ea0bc74342778ba82a3943904f6e441b6c53b4fc99299c
SHA512

4220fbee8d4db8020b0bfc0719c14fb7ff45dbbc49477c8a57ca4fd61bbef55c74feee07eb2067b98cf411dc16051a7cc7020838d9f21e664c5c4f5322094fc4
SSDEEP

3072:3teHTDxm9M3bqoATV7VmsqYM4VrmR/WvZlmpag5Y4/iqXXnZBmM5uSyJUI:deHnxiBV7VmsqYnmRO4aF4/i+XnZ8j0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  ed78b55c8100789d04ea0bc74342778ba82a3943904f6e441b6c53b4fc99299c
- Size
  
  331KB
- MD5
  
  31136745ef22d3b72aee0d61214f7cbf
- SHA1
  
  09e60cea6d80a474f54e963dce1a8649c63c4a0a
- SHA256
  
  ed78b55c8100789d04ea0bc74342778ba82a3943904f6e441b6c53b4fc99299c
- SHA512
  
  4220fbee8d4db8020b0bfc0719c14fb7ff45dbbc49477c8a57ca4fd61bbef55c74feee07eb2067b98cf411dc16051a7cc7020838d9f21e664c5c4f5322094fc4
- SSDEEP
  
  3072:3teHTDxm9M3bqoATV7VmsqYM4VrmR/WvZlmpag5Y4/iqXXnZBmM5uSyJUI:deHnxiBV7VmsqYnmRO4aF4/i+XnZ8j0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2