gcleaner | 57ec25e8d188f90c7cd75f311ec2a7d3ba775870e02f8dd7a7eacc1f49395466 | Triage

Sharing

General

Target

57ec25e8d188f90c7cd75f311ec2a7d3ba775870e02f8dd7a7eacc1f49395466
Size

351KB
Sample

240615-tevxbszenl
MD5

2d142cd7158d658c8e40e46ac23a13e0
SHA1

ef03f682660e1fc7485c0590e0cf6cf47235fdfb
SHA256

57ec25e8d188f90c7cd75f311ec2a7d3ba775870e02f8dd7a7eacc1f49395466
SHA512

b02074a66890a5a253c5367f39a6a633295a95f1748e9d523d2831d8af7e61e90b8a01fcf0109054c0592cd40c96420db464a854e97225c5479cb4749cb03d49
SSDEEP

6144:lFbCnAuzC2JrJAqkwXs3rSmQsmq7+LS5HIOujTi:lMnxzCINkwXMSCmq6L+/s

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  57ec25e8d188f90c7cd75f311ec2a7d3ba775870e02f8dd7a7eacc1f49395466
- Size
  
  351KB
- MD5
  
  2d142cd7158d658c8e40e46ac23a13e0
- SHA1
  
  ef03f682660e1fc7485c0590e0cf6cf47235fdfb
- SHA256
  
  57ec25e8d188f90c7cd75f311ec2a7d3ba775870e02f8dd7a7eacc1f49395466
- SHA512
  
  b02074a66890a5a253c5367f39a6a633295a95f1748e9d523d2831d8af7e61e90b8a01fcf0109054c0592cd40c96420db464a854e97225c5479cb4749cb03d49
- SSDEEP
  
  6144:lFbCnAuzC2JrJAqkwXs3rSmQsmq7+LS5HIOujTi:lMnxzCINkwXMSCmq6L+/s
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2