gcleaner | 0d1e0a264d1afc94087f0a2b3cbbd2b9a808c1d60b9b15cb144270b4137e22a1 | Triage

Sharing

General

Target

0d1e0a264d1afc94087f0a2b3cbbd2b9a808c1d60b9b15cb144270b4137e22a1
Size

374KB
Sample

240528-pxdnjseh78
MD5

5f44dc9d94d53b68a071eece2183f406
SHA1

7bd5c068ae0f9aa488b208940ba2c45d9a69fc04
SHA256

0d1e0a264d1afc94087f0a2b3cbbd2b9a808c1d60b9b15cb144270b4137e22a1
SHA512

c68a531c28cd7339af9e78ca71de816fe7c1f3a496f2003e14334b93b417d3830655112c714f9a6a839530db0cadb6d3e68af5b43b2ce47a509486e578f60bab
SSDEEP

6144:JR0Bhjs+XMWflC/gnD2orMDXQlqzaXUV0AL5rUOnVA85ALZTb+el:JR0BhjHMWfY/CyovlqOXbuiOsZx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  0d1e0a264d1afc94087f0a2b3cbbd2b9a808c1d60b9b15cb144270b4137e22a1
- Size
  
  374KB
- MD5
  
  5f44dc9d94d53b68a071eece2183f406
- SHA1
  
  7bd5c068ae0f9aa488b208940ba2c45d9a69fc04
- SHA256
  
  0d1e0a264d1afc94087f0a2b3cbbd2b9a808c1d60b9b15cb144270b4137e22a1
- SHA512
  
  c68a531c28cd7339af9e78ca71de816fe7c1f3a496f2003e14334b93b417d3830655112c714f9a6a839530db0cadb6d3e68af5b43b2ce47a509486e578f60bab
- SSDEEP
  
  6144:JR0Bhjs+XMWflC/gnD2orMDXQlqzaXUV0AL5rUOnVA85ALZTb+el:JR0BhjHMWfY/CyovlqOXbuiOsZx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2