gcleaner | 9af79edb53c2b09662453653e929a742ddfc8212ce9266c8e194a81d0bcfad40 | Triage

Sharing

General

Target

9af79edb53c2b09662453653e929a742ddfc8212ce9266c8e194a81d0bcfad40
Size

338KB
Sample

240615-l1zteawfke
MD5

a45f656a8f834cce9ee182210709103e
SHA1

8e49dc73d7295068558c8f7a5c2198a09c8b7742
SHA256

9af79edb53c2b09662453653e929a742ddfc8212ce9266c8e194a81d0bcfad40
SHA512

4ffdd53ec5ee97e382c57f084b84e9a5c5ebdfe9cd2d2e8b0f9b155180df2ec392edc26d9a92860a2b89824502c8fc242643c1b4bd6d28bb7aaaf6fc8b18399f
SSDEEP

6144:nFbZJdCSkBdNiY/Tino35v/sm0G7CSvTx:nxdUNiaYy5v/57Nx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  9af79edb53c2b09662453653e929a742ddfc8212ce9266c8e194a81d0bcfad40
- Size
  
  338KB
- MD5
  
  a45f656a8f834cce9ee182210709103e
- SHA1
  
  8e49dc73d7295068558c8f7a5c2198a09c8b7742
- SHA256
  
  9af79edb53c2b09662453653e929a742ddfc8212ce9266c8e194a81d0bcfad40
- SHA512
  
  4ffdd53ec5ee97e382c57f084b84e9a5c5ebdfe9cd2d2e8b0f9b155180df2ec392edc26d9a92860a2b89824502c8fc242643c1b4bd6d28bb7aaaf6fc8b18399f
- SSDEEP
  
  6144:nFbZJdCSkBdNiY/Tino35v/sm0G7CSvTx:nxdUNiaYy5v/57Nx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2