gcleaner | bc015b32c68e5a6e0be1d358a9895845ad0523f0e1049bdd58dd3caaeb939a34 | Triage

Sharing

General

Target

bc015b32c68e5a6e0be1d358a9895845ad0523f0e1049bdd58dd3caaeb939a34
Size

374KB
Sample

240528-lj4q2afc73
MD5

2811aa2a65f9fafca369db5efe281966
SHA1

f57708b340b65f264c4e82a3985f48332f9fac20
SHA256

bc015b32c68e5a6e0be1d358a9895845ad0523f0e1049bdd58dd3caaeb939a34
SHA512

715b86fa9dfbbe9071c1958a83989a6846fb9a1fc12ed2fc0d0f317e9607355d43a7a775d2660605a65b174cce8e2c3f451d8c4c58986d375cec09dbec6a35c9
SSDEEP

6144:z/NYMjqF6FcKF77zoKtPajQWOD0j40GOZEkHOP3tf/VX7LTlcM4vd:z/N9qF6+KF778oIQoVGO/Oft1LVcM41

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  bc015b32c68e5a6e0be1d358a9895845ad0523f0e1049bdd58dd3caaeb939a34
- Size
  
  374KB
- MD5
  
  2811aa2a65f9fafca369db5efe281966
- SHA1
  
  f57708b340b65f264c4e82a3985f48332f9fac20
- SHA256
  
  bc015b32c68e5a6e0be1d358a9895845ad0523f0e1049bdd58dd3caaeb939a34
- SHA512
  
  715b86fa9dfbbe9071c1958a83989a6846fb9a1fc12ed2fc0d0f317e9607355d43a7a775d2660605a65b174cce8e2c3f451d8c4c58986d375cec09dbec6a35c9
- SSDEEP
  
  6144:z/NYMjqF6FcKF77zoKtPajQWOD0j40GOZEkHOP3tf/VX7LTlcM4vd:z/N9qF6+KF778oIQoVGO/Oft1LVcM41
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2