gcleaner | a65ffeb8826e3acc5b8ee765897314b85dd599767d0eee6521caa58071a52a3f | Triage

Sharing

General

Target

a65ffeb8826e3acc5b8ee765897314b85dd599767d0eee6521caa58071a52a3f
Size

351KB
Sample

240615-mfdacaxblf
MD5

763fcbe3425a2abfb6ee647122e74c72
SHA1

72a7ef3e5d89bc2ceb9ec2a89b2a8b1c9dd4226e
SHA256

a65ffeb8826e3acc5b8ee765897314b85dd599767d0eee6521caa58071a52a3f
SHA512

cd969661c4d6edcf4053253614c6571936071fe0c606e5c42734caa199628a3241ac86e1308a80dbd83101e39129f2a793ca32775fa315ad70e65fd2009092a5
SSDEEP

6144:0Fb0nnixOAznhuYjahPmMBLbM9X32IOujTB:0anixOenR+hPPBcx2/s

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  a65ffeb8826e3acc5b8ee765897314b85dd599767d0eee6521caa58071a52a3f
- Size
  
  351KB
- MD5
  
  763fcbe3425a2abfb6ee647122e74c72
- SHA1
  
  72a7ef3e5d89bc2ceb9ec2a89b2a8b1c9dd4226e
- SHA256
  
  a65ffeb8826e3acc5b8ee765897314b85dd599767d0eee6521caa58071a52a3f
- SHA512
  
  cd969661c4d6edcf4053253614c6571936071fe0c606e5c42734caa199628a3241ac86e1308a80dbd83101e39129f2a793ca32775fa315ad70e65fd2009092a5
- SSDEEP
  
  6144:0Fb0nnixOAznhuYjahPmMBLbM9X32IOujTB:0anixOenR+hPPBcx2/s
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2