gcleaner | db38d0c3a7e6b2697d5341ba3b0c7016743fd232cae81c58328fceddd0ddbf3d | Triage

Sharing

General

Target

db38d0c3a7e6b2697d5341ba3b0c7016743fd232cae81c58328fceddd0ddbf3d
Size

330KB
Sample

240527-fdravshf56
MD5

8345db6fd9ec5d96d83b71226702fb3e
SHA1

58dd247e2039441ee45fdbd48f69839ea7d3cd6c
SHA256

db38d0c3a7e6b2697d5341ba3b0c7016743fd232cae81c58328fceddd0ddbf3d
SHA512

1a80fad1b025246e07303ea51fb903d1b78e435684b31dc8416258a7f963079aa023c728eadaf0ebe83a48ba40a1c8ca15afc44c3737ed6774c737fe1579e227
SSDEEP

3072:/2ujvya+1XtOQCjWBtyFRqqTOgztRl1QsLYNvfvL3KZ4JH5GSKvkdm:+ujt+Z6Wfyvqq9RlSfvbkmwSwkd

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  db38d0c3a7e6b2697d5341ba3b0c7016743fd232cae81c58328fceddd0ddbf3d
- Size
  
  330KB
- MD5
  
  8345db6fd9ec5d96d83b71226702fb3e
- SHA1
  
  58dd247e2039441ee45fdbd48f69839ea7d3cd6c
- SHA256
  
  db38d0c3a7e6b2697d5341ba3b0c7016743fd232cae81c58328fceddd0ddbf3d
- SHA512
  
  1a80fad1b025246e07303ea51fb903d1b78e435684b31dc8416258a7f963079aa023c728eadaf0ebe83a48ba40a1c8ca15afc44c3737ed6774c737fe1579e227
- SSDEEP
  
  3072:/2ujvya+1XtOQCjWBtyFRqqTOgztRl1QsLYNvfvL3KZ4JH5GSKvkdm:+ujt+Z6Wfyvqq9RlSfvbkmwSwkd
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2