gcleaner | ae67a6edd494d4fea3a1677e7796dabbec8ccfa16f5b5b01ae3e1c0d264eb3a2 | Triage

Sharing

General

Target

ae67a6edd494d4fea3a1677e7796dabbec8ccfa16f5b5b01ae3e1c0d264eb3a2
Size

393KB
Sample

240609-kkvn3sha25
MD5

847262753dc8444f9c010e44de240a00
SHA1

f8e5543648faf9d73795c6923aa7cae160473738
SHA256

ae67a6edd494d4fea3a1677e7796dabbec8ccfa16f5b5b01ae3e1c0d264eb3a2
SHA512

580eda9ef42640e8576d893e44f78b37add8cdc2c255ae883c7e4d2019ae1b7cd11e906f4bf5977684327a4a768d20d6ccad7ec1df8f12c6804b39b0ad6225ee
SSDEEP

6144:4T2LxMAKS8neBKp5tnKuLu/QsDz4geFsW0OEJf0do2+fJ1pe3J1peuS:p9MAKDFp55/wQsgVFVzEoip2p+

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  ae67a6edd494d4fea3a1677e7796dabbec8ccfa16f5b5b01ae3e1c0d264eb3a2
- Size
  
  393KB
- MD5
  
  847262753dc8444f9c010e44de240a00
- SHA1
  
  f8e5543648faf9d73795c6923aa7cae160473738
- SHA256
  
  ae67a6edd494d4fea3a1677e7796dabbec8ccfa16f5b5b01ae3e1c0d264eb3a2
- SHA512
  
  580eda9ef42640e8576d893e44f78b37add8cdc2c255ae883c7e4d2019ae1b7cd11e906f4bf5977684327a4a768d20d6ccad7ec1df8f12c6804b39b0ad6225ee
- SSDEEP
  
  6144:4T2LxMAKS8neBKp5tnKuLu/QsDz4geFsW0OEJf0do2+fJ1pe3J1peuS:p9MAKDFp55/wQsgVFVzEoip2p+
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2