gcleaner | 2e1b0d79e5e71050d1d76443468bbb248f03f3d428f0a8eb3c2643354ce063fa | Triage

Sharing

General

Target

2e1b0d79e5e71050d1d76443468bbb248f03f3d428f0a8eb3c2643354ce063fa
Size

403KB
Sample

240616-12545szgpc
MD5

66afb8ce40739ac471f4f2b3df8ef3aa
SHA1

4f73b771c5d768bfeb9e166f9103fbb672bd2e99
SHA256

2e1b0d79e5e71050d1d76443468bbb248f03f3d428f0a8eb3c2643354ce063fa
SHA512

1b94317db2a7d37ba86e471014692ee5ecb5cb952e9495d362b7705f3ee6fe9626fb4995f83003a598c35fb972a30d08cc279f8b8f3d076df6c936f093fbcfbe
SSDEEP

6144:XjWL3RAWu/LhC5huYOjxxmf3fj5AuPibLrn7DvQ8wk99Nyawy57AFV:Xi1AdLhGqxSPjlPi3rnv0knqm7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  2e1b0d79e5e71050d1d76443468bbb248f03f3d428f0a8eb3c2643354ce063fa
- Size
  
  403KB
- MD5
  
  66afb8ce40739ac471f4f2b3df8ef3aa
- SHA1
  
  4f73b771c5d768bfeb9e166f9103fbb672bd2e99
- SHA256
  
  2e1b0d79e5e71050d1d76443468bbb248f03f3d428f0a8eb3c2643354ce063fa
- SHA512
  
  1b94317db2a7d37ba86e471014692ee5ecb5cb952e9495d362b7705f3ee6fe9626fb4995f83003a598c35fb972a30d08cc279f8b8f3d076df6c936f093fbcfbe
- SSDEEP
  
  6144:XjWL3RAWu/LhC5huYOjxxmf3fj5AuPibLrn7DvQ8wk99Nyawy57AFV:Xi1AdLhGqxSPjlPi3rnv0knqm7
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2