gcleaner | 6a94ccad971931a56537e61f3b7fb6c0f65069b729861e2575b90e5ceea87671 | Triage

Sharing

General

Target

6a94ccad971931a56537e61f3b7fb6c0f65069b729861e2575b90e5ceea87671
Size

382KB
Sample

240528-wb8ecsfa22
MD5

b2dabc8461031934a6524df2e7bce27f
SHA1

b6fcedbd1f884d23fe1f0367e653821df56fd55a
SHA256

6a94ccad971931a56537e61f3b7fb6c0f65069b729861e2575b90e5ceea87671
SHA512

b910cb887744594e722f835d48671d0ca549b450a47713764a7b2bc699c38b1d6a114f49bba7f467312a611e0561c991a0b45a26aa76a470e8a473ef840415c8
SSDEEP

6144:uoTbNLzTArkioOifFRpCn4zFkG+bL5/GyhAZTb+els:uoTbNjAr5oOiD44zFHKRaZx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  6a94ccad971931a56537e61f3b7fb6c0f65069b729861e2575b90e5ceea87671
- Size
  
  382KB
- MD5
  
  b2dabc8461031934a6524df2e7bce27f
- SHA1
  
  b6fcedbd1f884d23fe1f0367e653821df56fd55a
- SHA256
  
  6a94ccad971931a56537e61f3b7fb6c0f65069b729861e2575b90e5ceea87671
- SHA512
  
  b910cb887744594e722f835d48671d0ca549b450a47713764a7b2bc699c38b1d6a114f49bba7f467312a611e0561c991a0b45a26aa76a470e8a473ef840415c8
- SSDEEP
  
  6144:uoTbNLzTArkioOifFRpCn4zFkG+bL5/GyhAZTb+els:uoTbNjAr5oOiD44zFHKRaZx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2