gcleaner | 2fa9dc55cea2f15fe27870e6d1610af2f73209313e1389d9a6ffa41b48a0e1f7 | Triage

Sharing

General

Target

2fa9dc55cea2f15fe27870e6d1610af2f73209313e1389d9a6ffa41b48a0e1f7
Size

329KB
Sample

240527-qe4yfseh47
MD5

e6d336f5ae484f500fb75d0cdc6d886f
SHA1

05a9e77a8846c1bb33bc2c11df84422d5fd9c892
SHA256

2fa9dc55cea2f15fe27870e6d1610af2f73209313e1389d9a6ffa41b48a0e1f7
SHA512

dbe7e3fdb191d7161ff4683f155f3eee2246cf8d7e6bbe285235227c0c862d61ee93f1cfb3c4d4919763460a878b09e5e5e0dc4e032574eb09bf5f2ce0cc38bd
SSDEEP

3072:ky4nQ/n6DLtHA2qnRdU/WKootUUx1M2sjmV1MQsr0X9u6Yb3Q+eM93L5ryMV1Rd0:kyBgVF8rUdtUUxFsq1DujzeM93cWTLM

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  2fa9dc55cea2f15fe27870e6d1610af2f73209313e1389d9a6ffa41b48a0e1f7
- Size
  
  329KB
- MD5
  
  e6d336f5ae484f500fb75d0cdc6d886f
- SHA1
  
  05a9e77a8846c1bb33bc2c11df84422d5fd9c892
- SHA256
  
  2fa9dc55cea2f15fe27870e6d1610af2f73209313e1389d9a6ffa41b48a0e1f7
- SHA512
  
  dbe7e3fdb191d7161ff4683f155f3eee2246cf8d7e6bbe285235227c0c862d61ee93f1cfb3c4d4919763460a878b09e5e5e0dc4e032574eb09bf5f2ce0cc38bd
- SSDEEP
  
  3072:ky4nQ/n6DLtHA2qnRdU/WKootUUx1M2sjmV1MQsr0X9u6Yb3Q+eM93L5ryMV1Rd0:kyBgVF8rUdtUUxFsq1DujzeM93cWTLM
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2