gcleaner | 0c9a8ad6ec1cb5876984dc405b9480863fcdbb740dc55acece145f8b71148d3f | Triage

Sharing

General

Target

0c9a8ad6ec1cb5876984dc405b9480863fcdbb740dc55acece145f8b71148d3f
Size

329KB
Sample

240527-p6am9adb4y
MD5

99911c754123f2c4929f5ddb0e55f2a3
SHA1

842bdf7740327c164e9830331fbf69cf6baf24db
SHA256

0c9a8ad6ec1cb5876984dc405b9480863fcdbb740dc55acece145f8b71148d3f
SHA512

b0f02119502200c1a4cf002a7bd079791ecba7ab9477d2d46652745b016b68b72e0edd12b466f5a81bb9dde536127027b6bbab39dfbecc6b3a6319e030f4c8f1
SSDEEP

3072:Qeu3nWfcVzRDmstury7gl9dljAsDJ3i7TPNXquS7mb/V/jIE/fQMU5bygS7fLuj:Qeu3WczRqstukgHdl8si5310y5rgqLM

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  0c9a8ad6ec1cb5876984dc405b9480863fcdbb740dc55acece145f8b71148d3f
- Size
  
  329KB
- MD5
  
  99911c754123f2c4929f5ddb0e55f2a3
- SHA1
  
  842bdf7740327c164e9830331fbf69cf6baf24db
- SHA256
  
  0c9a8ad6ec1cb5876984dc405b9480863fcdbb740dc55acece145f8b71148d3f
- SHA512
  
  b0f02119502200c1a4cf002a7bd079791ecba7ab9477d2d46652745b016b68b72e0edd12b466f5a81bb9dde536127027b6bbab39dfbecc6b3a6319e030f4c8f1
- SSDEEP
  
  3072:Qeu3nWfcVzRDmstury7gl9dljAsDJ3i7TPNXquS7mb/V/jIE/fQMU5bygS7fLuj:Qeu3WczRqstukgHdl8si5310y5rgqLM
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2