gcleaner | 194c256ee34b7f4fe7f124c2730f6a7e1013b08cba21445a6d91fe35b181f0fa | Triage

Sharing

General

Target

194c256ee34b7f4fe7f124c2730f6a7e1013b08cba21445a6d91fe35b181f0fa
Size

345KB
Sample

240527-3mrdjsec61
MD5

ec8d9521789d53fae1fae2ff88c62ab9
SHA1

6ce8f5bba9cf0582d34e2ccc7799e61dfcd07adc
SHA256

194c256ee34b7f4fe7f124c2730f6a7e1013b08cba21445a6d91fe35b181f0fa
SHA512

6ce27af0530a9bb2a8e904d2606411341d3c8350d77c6def5f8a7f3e5b87ae9d51f26cf0d5da42e359778934c06a252e897605f0b3f1d787afbf4c6c3cbc94e4
SSDEEP

3072:pOLHAZA3WPt3MmjO36DRJu46JVxsu+cRDj9RbEvBhj9370taV7du45evwu/e:pO0Amtcmj+vBb+c1BV+B19370tcooUe

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  194c256ee34b7f4fe7f124c2730f6a7e1013b08cba21445a6d91fe35b181f0fa
- Size
  
  345KB
- MD5
  
  ec8d9521789d53fae1fae2ff88c62ab9
- SHA1
  
  6ce8f5bba9cf0582d34e2ccc7799e61dfcd07adc
- SHA256
  
  194c256ee34b7f4fe7f124c2730f6a7e1013b08cba21445a6d91fe35b181f0fa
- SHA512
  
  6ce27af0530a9bb2a8e904d2606411341d3c8350d77c6def5f8a7f3e5b87ae9d51f26cf0d5da42e359778934c06a252e897605f0b3f1d787afbf4c6c3cbc94e4
- SSDEEP
  
  3072:pOLHAZA3WPt3MmjO36DRJu46JVxsu+cRDj9RbEvBhj9370taV7du45evwu/e:pO0Amtcmj+vBb+c1BV+B19370tcooUe
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2