gcleaner | a4f7c99bcdcb9c1d9c7cd69ffe8c947f16618119210c720e2035d196e1614b03 | Triage

Sharing

General

Target

a4f7c99bcdcb9c1d9c7cd69ffe8c947f16618119210c720e2035d196e1614b03
Size

389KB
Sample

240609-rtccescb89
MD5

4e592f8c51ee7a8b31b966d76361a9b3
SHA1

ff64f502fab480579d9f311bca7d573f45791192
SHA256

a4f7c99bcdcb9c1d9c7cd69ffe8c947f16618119210c720e2035d196e1614b03
SHA512

b4c7a6f5bc9e742435e3a7b48539f65d86930f1cdca0447cce679d43f07f5b900a907ae1ce49c50d44834e5bef272fbaefd643756220098471557067a1e4bcf9
SSDEEP

3072:BK+3uLPuWPOKNWSIiuqsHcQYX0N3emGsEdYZCzLBmD+K5HQOuqOudSRe24:BVuLPuWbASI/8QLNJGsEdKCnBmDdPSw

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  a4f7c99bcdcb9c1d9c7cd69ffe8c947f16618119210c720e2035d196e1614b03
- Size
  
  389KB
- MD5
  
  4e592f8c51ee7a8b31b966d76361a9b3
- SHA1
  
  ff64f502fab480579d9f311bca7d573f45791192
- SHA256
  
  a4f7c99bcdcb9c1d9c7cd69ffe8c947f16618119210c720e2035d196e1614b03
- SHA512
  
  b4c7a6f5bc9e742435e3a7b48539f65d86930f1cdca0447cce679d43f07f5b900a907ae1ce49c50d44834e5bef272fbaefd643756220098471557067a1e4bcf9
- SSDEEP
  
  3072:BK+3uLPuWPOKNWSIiuqsHcQYX0N3emGsEdYZCzLBmD+K5HQOuqOudSRe24:BVuLPuWbASI/8QLNJGsEdKCnBmDdPSw
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2