gcleaner | 3d5b2744c55705b2b95c8ba1a0b43d15230ca9dc431ab435e12907529336185e | Triage

Sharing

General

Target

3d5b2744c55705b2b95c8ba1a0b43d15230ca9dc431ab435e12907529336185e
Size

345KB
Sample

240527-3qjswafe78
MD5

61ad1470c852aac3714b4db51593d4fe
SHA1

7d50a74dac41afae1a261c039bbe79bfdf60bc06
SHA256

3d5b2744c55705b2b95c8ba1a0b43d15230ca9dc431ab435e12907529336185e
SHA512

4cf644fed38493d9e8e65f2695e63b48102bb401aba6a8b3b2aa4709af3674bb1b6e904b5a0713b1d79ca2d59f687dc7fee724b62cc599d623edb8a38fb9f6af
SSDEEP

6144:VMBhyGiKxayIBSEEZQNb/oCxpZM/IIVFr4XxnnUe:WCGiKxEqZQhVg/5Fk

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  3d5b2744c55705b2b95c8ba1a0b43d15230ca9dc431ab435e12907529336185e
- Size
  
  345KB
- MD5
  
  61ad1470c852aac3714b4db51593d4fe
- SHA1
  
  7d50a74dac41afae1a261c039bbe79bfdf60bc06
- SHA256
  
  3d5b2744c55705b2b95c8ba1a0b43d15230ca9dc431ab435e12907529336185e
- SHA512
  
  4cf644fed38493d9e8e65f2695e63b48102bb401aba6a8b3b2aa4709af3674bb1b6e904b5a0713b1d79ca2d59f687dc7fee724b62cc599d623edb8a38fb9f6af
- SSDEEP
  
  6144:VMBhyGiKxayIBSEEZQNb/oCxpZM/IIVFr4XxnnUe:WCGiKxEqZQhVg/5Fk
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2