gcleaner | 1d68c64e2978e2be3789696d76ca14e9048fba51e1db439532d996e6910a9dd6 | Triage

Sharing

General

Target

1d68c64e2978e2be3789696d76ca14e9048fba51e1db439532d996e6910a9dd6
Size

336KB
Sample

240614-tcsn7a1dlk
MD5

2644f79510024fc7509768a37e912ee6
SHA1

c580abbdc4eafe399e00ea02775db5c845a72d58
SHA256

1d68c64e2978e2be3789696d76ca14e9048fba51e1db439532d996e6910a9dd6
SHA512

55dff930901d0a1d27afa6256f2bd3d57a5c8fcdba0c8b858b58bc30df10fd6daee701ed9f5ab45cc570b3141a8aee26f849d7003a9d35c61dd24adfd45214c0
SSDEEP

3072:nZLvVylvmh7F9IGQ/8w3QLgu354JWwQsucmxpCc6HKKDiZSCfNr+1OdbSoymwTTY:nZUlvOa8w3wT3WJjbmxp+2ACGOFSdTy

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  1d68c64e2978e2be3789696d76ca14e9048fba51e1db439532d996e6910a9dd6
- Size
  
  336KB
- MD5
  
  2644f79510024fc7509768a37e912ee6
- SHA1
  
  c580abbdc4eafe399e00ea02775db5c845a72d58
- SHA256
  
  1d68c64e2978e2be3789696d76ca14e9048fba51e1db439532d996e6910a9dd6
- SHA512
  
  55dff930901d0a1d27afa6256f2bd3d57a5c8fcdba0c8b858b58bc30df10fd6daee701ed9f5ab45cc570b3141a8aee26f849d7003a9d35c61dd24adfd45214c0
- SSDEEP
  
  3072:nZLvVylvmh7F9IGQ/8w3QLgu354JWwQsucmxpCc6HKKDiZSCfNr+1OdbSoymwTTY:nZUlvOa8w3wT3WJjbmxp+2ACGOFSdTy
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2