gcleaner | 85c655f223541fe7cf25d00134d749ee08c8c91db4ba0744a9c184ec792b7225 | Triage

Sharing

General

Target

85c655f223541fe7cf25d00134d749ee08c8c91db4ba0744a9c184ec792b7225
Size

403KB
Sample

240609-12x4jagc28
MD5

b2187bbb8e0691232b983d14efb9f49a
SHA1

994fb504cdb487864f5cf5f19b6b6492fba90301
SHA256

85c655f223541fe7cf25d00134d749ee08c8c91db4ba0744a9c184ec792b7225
SHA512

15147fb58e9c7ce288094136abe21636122ba07be798025c22b34eeea179e34e6c43236f8a008335539fd3d4fa3dc9d0ac0aecde481ae9ff7ebf8bc4d71ea558
SSDEEP

6144:mFLyfsO3EbJr9N1m2o5TkBW41jh7gbw8N9vSSSSSSS+5ud0:4OEOyJ5N42o5TGDVKV

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  85c655f223541fe7cf25d00134d749ee08c8c91db4ba0744a9c184ec792b7225
- Size
  
  403KB
- MD5
  
  b2187bbb8e0691232b983d14efb9f49a
- SHA1
  
  994fb504cdb487864f5cf5f19b6b6492fba90301
- SHA256
  
  85c655f223541fe7cf25d00134d749ee08c8c91db4ba0744a9c184ec792b7225
- SHA512
  
  15147fb58e9c7ce288094136abe21636122ba07be798025c22b34eeea179e34e6c43236f8a008335539fd3d4fa3dc9d0ac0aecde481ae9ff7ebf8bc4d71ea558
- SSDEEP
  
  6144:mFLyfsO3EbJr9N1m2o5TkBW41jh7gbw8N9vSSSSSSS+5ud0:4OEOyJ5N42o5TGDVKV
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2