gcleaner | 9d1f169e29daa3fb5751b187d6ef8664b84f58e0f5dbfba8c014697220fbb53b | Triage

Sharing

General

Target

9d1f169e29daa3fb5751b187d6ef8664b84f58e0f5dbfba8c014697220fbb53b
Size

292KB
Sample

240610-fe5jwach99
MD5

888118c4d96bf4de7173ede18a0fecb4
SHA1

881b79dc64cdeae7a8589990f63a459701a71572
SHA256

9d1f169e29daa3fb5751b187d6ef8664b84f58e0f5dbfba8c014697220fbb53b
SHA512

ad307d40a78c88ea5fecd6cdc5c042970f30761139621bb4d9b9ea8f53cce5a636492e1360394bba8e508c6cf58ff1c70e7404319d72341574f0c726c5c19288
SSDEEP

6144:X+xYNQu2xkHJpzRjgfCuHYB8Wix9DmpX4CT:8YNQumulIYqXxZmCy

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  9d1f169e29daa3fb5751b187d6ef8664b84f58e0f5dbfba8c014697220fbb53b
- Size
  
  292KB
- MD5
  
  888118c4d96bf4de7173ede18a0fecb4
- SHA1
  
  881b79dc64cdeae7a8589990f63a459701a71572
- SHA256
  
  9d1f169e29daa3fb5751b187d6ef8664b84f58e0f5dbfba8c014697220fbb53b
- SHA512
  
  ad307d40a78c88ea5fecd6cdc5c042970f30761139621bb4d9b9ea8f53cce5a636492e1360394bba8e508c6cf58ff1c70e7404319d72341574f0c726c5c19288
- SSDEEP
  
  6144:X+xYNQu2xkHJpzRjgfCuHYB8Wix9DmpX4CT:8YNQumulIYqXxZmCy
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2