gcleaner | da85eacebca676e949368088dd9518a50abece040f49dbe51f38ea9c47bb2c26 | Triage

Sharing

General

Target

da85eacebca676e949368088dd9518a50abece040f49dbe51f38ea9c47bb2c26
Size

345KB
Sample

240527-bn7clsbb4t
MD5

44f51057f81a176e9f8c17797190a480
SHA1

10e658e1cf6809be37086f97a1f55f47863705ec
SHA256

da85eacebca676e949368088dd9518a50abece040f49dbe51f38ea9c47bb2c26
SHA512

8adc6e6ab14b3804b04fa746dd4765f1246b29a15c502631b0eaee493e5ae4b69044157e98c2d51f6d5a145315a48de355273d81184351bc86c83b8f14d86dd8
SSDEEP

6144:YeN7gDxYwV/bJKo76+l+2oeU4L+jsLwqWwIKDH7iY3ZCizw7LDl5M:YeguwVjp4eGYLwq2KDH7JUV5M

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  da85eacebca676e949368088dd9518a50abece040f49dbe51f38ea9c47bb2c26
- Size
  
  345KB
- MD5
  
  44f51057f81a176e9f8c17797190a480
- SHA1
  
  10e658e1cf6809be37086f97a1f55f47863705ec
- SHA256
  
  da85eacebca676e949368088dd9518a50abece040f49dbe51f38ea9c47bb2c26
- SHA512
  
  8adc6e6ab14b3804b04fa746dd4765f1246b29a15c502631b0eaee493e5ae4b69044157e98c2d51f6d5a145315a48de355273d81184351bc86c83b8f14d86dd8
- SSDEEP
  
  6144:YeN7gDxYwV/bJKo76+l+2oeU4L+jsLwqWwIKDH7iY3ZCizw7LDl5M:YeguwVjp4eGYLwq2KDH7JUV5M
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2