gcleaner | c1f1051c57d7b3fe023e8d075d007cbf51ad4c32f64cccda8a957eb668f0a217 | Triage

Sharing

General

Target

c1f1051c57d7b3fe023e8d075d007cbf51ad4c32f64cccda8a957eb668f0a217
Size

364KB
Sample

240614-mcq22azeqn
MD5

652fe97b3163f529a3574a826a440614
SHA1

526e63984e0f90cedf8849d1039f0d4aa5560d61
SHA256

c1f1051c57d7b3fe023e8d075d007cbf51ad4c32f64cccda8a957eb668f0a217
SHA512

26108845f9457c81340355337b12f6373ae9f4e5f87f6a1ea5e289dd3fc196cba9aaa1f1610f21c8395b960f206fc2a5c270fa43af280b88200ff12c609505dd
SSDEEP

6144:t6/xn+FUWLs9zapXlB1rntf9oYO5TUDijGmSdTW:Gne+zap1B1rnriwDiKrW

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  c1f1051c57d7b3fe023e8d075d007cbf51ad4c32f64cccda8a957eb668f0a217
- Size
  
  364KB
- MD5
  
  652fe97b3163f529a3574a826a440614
- SHA1
  
  526e63984e0f90cedf8849d1039f0d4aa5560d61
- SHA256
  
  c1f1051c57d7b3fe023e8d075d007cbf51ad4c32f64cccda8a957eb668f0a217
- SHA512
  
  26108845f9457c81340355337b12f6373ae9f4e5f87f6a1ea5e289dd3fc196cba9aaa1f1610f21c8395b960f206fc2a5c270fa43af280b88200ff12c609505dd
- SSDEEP
  
  6144:t6/xn+FUWLs9zapXlB1rntf9oYO5TUDijGmSdTW:Gne+zap1B1rnriwDiKrW
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2