gcleaner | 7b97419f40ad910a62966e5fb77a49f8b964699e343c8168e7a3d0009b9647cf | Triage

Sharing

General

Target

7b97419f40ad910a62966e5fb77a49f8b964699e343c8168e7a3d0009b9647cf
Size

413KB
Sample

240608-1vdrbahf87
MD5

98d6b38d573a1ac8e03afb092d3d4775
SHA1

f1ec1120a74ceb7c3c707712bb26ef7cfda58f7e
SHA256

7b97419f40ad910a62966e5fb77a49f8b964699e343c8168e7a3d0009b9647cf
SHA512

902d9f0dc98875a86ba6a60a952a6357522e1bbd73da5bf826180ea487843ea08d33f69dc7ab41397784d526d3e5b731de3de1bbf0601b773d06dcdb2f523c6e
SSDEEP

3072:x9xtZLB6oDgzJ9i4Cp6gpVtJHGlkYxQuCJWStaUczZuXBSE6gRkx542bRnbyPbRa:xBZL8oMQp6qVDH6tQuZStapwF2VWVMS

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  7b97419f40ad910a62966e5fb77a49f8b964699e343c8168e7a3d0009b9647cf
- Size
  
  413KB
- MD5
  
  98d6b38d573a1ac8e03afb092d3d4775
- SHA1
  
  f1ec1120a74ceb7c3c707712bb26ef7cfda58f7e
- SHA256
  
  7b97419f40ad910a62966e5fb77a49f8b964699e343c8168e7a3d0009b9647cf
- SHA512
  
  902d9f0dc98875a86ba6a60a952a6357522e1bbd73da5bf826180ea487843ea08d33f69dc7ab41397784d526d3e5b731de3de1bbf0601b773d06dcdb2f523c6e
- SSDEEP
  
  3072:x9xtZLB6oDgzJ9i4Cp6gpVtJHGlkYxQuCJWStaUczZuXBSE6gRkx542bRnbyPbRa:xBZL8oMQp6qVDH6tQuZStapwF2VWVMS
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2