gcleaner | a697c41228bbb8201643f3e3a0ab3bd063f9678c113dd409f307eca2deec2a3d | Triage

Sharing

General

Target

a697c41228bbb8201643f3e3a0ab3bd063f9678c113dd409f307eca2deec2a3d
Size

369KB
Sample

240528-ylj6mahg9y
MD5

bf5f954869072181fc806ccfb026e221
SHA1

24da9ba6740a765ed8402bee942cb6eef07522f8
SHA256

a697c41228bbb8201643f3e3a0ab3bd063f9678c113dd409f307eca2deec2a3d
SHA512

2df6063e4d92f41893fc7b13d637e8b330d9ac1522b981c87b8e03b35c7f541fbdbcbed0c3a79411237f58b0c122a94fdf2f7513f2245d432ab74a388618016e
SSDEEP

6144:3OuQL1tS1ZKy7P5E9t4LIibej2vETJPf37GVag++SXZTb+el:+uQL1CZKy7XvKj2vSJ7gc+IZx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  a697c41228bbb8201643f3e3a0ab3bd063f9678c113dd409f307eca2deec2a3d
- Size
  
  369KB
- MD5
  
  bf5f954869072181fc806ccfb026e221
- SHA1
  
  24da9ba6740a765ed8402bee942cb6eef07522f8
- SHA256
  
  a697c41228bbb8201643f3e3a0ab3bd063f9678c113dd409f307eca2deec2a3d
- SHA512
  
  2df6063e4d92f41893fc7b13d637e8b330d9ac1522b981c87b8e03b35c7f541fbdbcbed0c3a79411237f58b0c122a94fdf2f7513f2245d432ab74a388618016e
- SSDEEP
  
  6144:3OuQL1tS1ZKy7P5E9t4LIibej2vETJPf37GVag++SXZTb+el:+uQL1CZKy7XvKj2vSJ7gc+IZx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2