gcleaner | 37407680b9ef3211638b71cb079a7e4e20f97bf7c5ee18656ad11c483d0ccb27 | Triage

Sharing

General

Target

37407680b9ef3211638b71cb079a7e4e20f97bf7c5ee18656ad11c483d0ccb27
Size

345KB
Sample

240527-tecqrahf3x
MD5

7578297a8580620962ff86f96df1de95
SHA1

22771b59a8dfba6c3b6fa091133cef229f7296f3
SHA256

37407680b9ef3211638b71cb079a7e4e20f97bf7c5ee18656ad11c483d0ccb27
SHA512

7343524ec5cfea431981fa61eafa9b6878b2409ea607413cd3dba68b85b905f87d07ca45eba53d8ed4984a4bd3014dd271b5d81270c11dc408a7867d4fe4b87c
SSDEEP

6144:ICAp7usNvlYXTX9ZTB1wwcB1niwxPKdLi/:VA5uUkfTB1wwcLiwFK

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  37407680b9ef3211638b71cb079a7e4e20f97bf7c5ee18656ad11c483d0ccb27
- Size
  
  345KB
- MD5
  
  7578297a8580620962ff86f96df1de95
- SHA1
  
  22771b59a8dfba6c3b6fa091133cef229f7296f3
- SHA256
  
  37407680b9ef3211638b71cb079a7e4e20f97bf7c5ee18656ad11c483d0ccb27
- SHA512
  
  7343524ec5cfea431981fa61eafa9b6878b2409ea607413cd3dba68b85b905f87d07ca45eba53d8ed4984a4bd3014dd271b5d81270c11dc408a7867d4fe4b87c
- SSDEEP
  
  6144:ICAp7usNvlYXTX9ZTB1wwcB1niwxPKdLi/:VA5uUkfTB1wwcLiwFK
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2