gcleaner | 5ed8c8693a2dddb59cc3c6eacdc9ab604a9fd2c5d54a4d66f3231aadcd488d1d | Triage

Sharing

General

Target

5ed8c8693a2dddb59cc3c6eacdc9ab604a9fd2c5d54a4d66f3231aadcd488d1d
Size

293KB
Sample

240525-xteenseg61
MD5

ae42e88d1994524ba3bdcd883c130362
SHA1

d478a2f2971a4d42e3cea4a6f4bdc7cbb2a16511
SHA256

5ed8c8693a2dddb59cc3c6eacdc9ab604a9fd2c5d54a4d66f3231aadcd488d1d
SHA512

210f9bdb167028ad0f2dd34d1b5f9be482f19c1fb5cc3da68aefdb0227f933229d88b0dd379a9e0fe5c60bb6f152d82556d0795381271e46ed36686a3d5c0aeb
SSDEEP

6144:wtjZMAM3J0OehQdYIjHhuaCqIqMNbokdT:GjZMfZ0OoQCIThuari

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  5ed8c8693a2dddb59cc3c6eacdc9ab604a9fd2c5d54a4d66f3231aadcd488d1d
- Size
  
  293KB
- MD5
  
  ae42e88d1994524ba3bdcd883c130362
- SHA1
  
  d478a2f2971a4d42e3cea4a6f4bdc7cbb2a16511
- SHA256
  
  5ed8c8693a2dddb59cc3c6eacdc9ab604a9fd2c5d54a4d66f3231aadcd488d1d
- SHA512
  
  210f9bdb167028ad0f2dd34d1b5f9be482f19c1fb5cc3da68aefdb0227f933229d88b0dd379a9e0fe5c60bb6f152d82556d0795381271e46ed36686a3d5c0aeb
- SSDEEP
  
  6144:wtjZMAM3J0OehQdYIjHhuaCqIqMNbokdT:GjZMfZ0OoQCIThuari
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2