gcleaner | 9d52bcacd553ba69e3fecb931e9d19aa2aa78551b03c7d961c1982b452be603f | Triage

Sharing

General

Target

9d52bcacd553ba69e3fecb931e9d19aa2aa78551b03c7d961c1982b452be603f
Size

290KB
Sample

240525-js4raabb52
MD5

a61394fd60b2526fc22fdcedc218fcb9
SHA1

4483ac3deadb1a98ba44a83189383f0cde8b9396
SHA256

9d52bcacd553ba69e3fecb931e9d19aa2aa78551b03c7d961c1982b452be603f
SHA512

4e97e914dceda133476d2416f07ef257cd7b37593d2f3e3895f9d2c8e4a11d332b02c393216496b3206d7daf7e2c09a81929fce5d899ed4aa1ad75b2f44b0c20
SSDEEP

6144:SPJ5ahGTNWhGXlAJ/7GdbMefPKdUKVbJsg4Udn6Vg2cT:SckNKGXl47GXnMnVbJjWQ

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  9d52bcacd553ba69e3fecb931e9d19aa2aa78551b03c7d961c1982b452be603f
- Size
  
  290KB
- MD5
  
  a61394fd60b2526fc22fdcedc218fcb9
- SHA1
  
  4483ac3deadb1a98ba44a83189383f0cde8b9396
- SHA256
  
  9d52bcacd553ba69e3fecb931e9d19aa2aa78551b03c7d961c1982b452be603f
- SHA512
  
  4e97e914dceda133476d2416f07ef257cd7b37593d2f3e3895f9d2c8e4a11d332b02c393216496b3206d7daf7e2c09a81929fce5d899ed4aa1ad75b2f44b0c20
- SSDEEP
  
  6144:SPJ5ahGTNWhGXlAJ/7GdbMefPKdUKVbJsg4Udn6Vg2cT:SckNKGXl47GXnMnVbJjWQ
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2