gcleaner | 81e3dea24b09a6ac3a24620402dc6bbcbf23d01faa45e05443ce4c47a05e60c4 | Triage

Sharing

General

Target

81e3dea24b09a6ac3a24620402dc6bbcbf23d01faa45e05443ce4c47a05e60c4
Size

317KB
Sample

240526-2c1c2aec8x
MD5

300ac88cb620c7f146cd5f8304512f8e
SHA1

443e0dc509a77c933fa066fc3d490800416c035c
SHA256

81e3dea24b09a6ac3a24620402dc6bbcbf23d01faa45e05443ce4c47a05e60c4
SHA512

8dd90d5a7161cdae6414b8eda964228711d65d3fd45abbf3226ffeed8bfcfaa74b63d0281f8970606d0770e7c5dac66a90f0f838185a6cdcef262b1148ce9911
SSDEEP

6144:dxTINo/Suhyu3XRAgLhXVfR5ODBFKB11IOet7LWT:nIOSuhyuaehX6F81ya

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  81e3dea24b09a6ac3a24620402dc6bbcbf23d01faa45e05443ce4c47a05e60c4
- Size
  
  317KB
- MD5
  
  300ac88cb620c7f146cd5f8304512f8e
- SHA1
  
  443e0dc509a77c933fa066fc3d490800416c035c
- SHA256
  
  81e3dea24b09a6ac3a24620402dc6bbcbf23d01faa45e05443ce4c47a05e60c4
- SHA512
  
  8dd90d5a7161cdae6414b8eda964228711d65d3fd45abbf3226ffeed8bfcfaa74b63d0281f8970606d0770e7c5dac66a90f0f838185a6cdcef262b1148ce9911
- SSDEEP
  
  6144:dxTINo/Suhyu3XRAgLhXVfR5ODBFKB11IOet7LWT:nIOSuhyuaehX6F81ya
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2