gcleaner | edbf91055f018d702d4444e958f30d9b910eca2fef469e860ad9b151f93d1f04 | Triage

Sharing

General

Target

edbf91055f018d702d4444e958f30d9b910eca2fef469e860ad9b151f93d1f04
Size

370KB
Sample

240616-29ahwaxbpp
MD5

8aa68ce830b5d2e3343014e9fceb0f76
SHA1

b638a2816325b1ce7c198d00ee0d855fa8b0345b
SHA256

edbf91055f018d702d4444e958f30d9b910eca2fef469e860ad9b151f93d1f04
SHA512

f0ef38b86bc66a1b980cfd747000de36c9cb0b0786e9d8f89def38d34df2ceef003e34e5d1b8c304049b41d7a0bd4bda7894bb64943fd0b89990a1ef774dc4b4
SSDEEP

6144:YwjNLptZVfnQgkMzc042LcnGXv2RxU4fzLwy57AFV:zhZVvQgJ3k82RxUWMm7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  edbf91055f018d702d4444e958f30d9b910eca2fef469e860ad9b151f93d1f04
- Size
  
  370KB
- MD5
  
  8aa68ce830b5d2e3343014e9fceb0f76
- SHA1
  
  b638a2816325b1ce7c198d00ee0d855fa8b0345b
- SHA256
  
  edbf91055f018d702d4444e958f30d9b910eca2fef469e860ad9b151f93d1f04
- SHA512
  
  f0ef38b86bc66a1b980cfd747000de36c9cb0b0786e9d8f89def38d34df2ceef003e34e5d1b8c304049b41d7a0bd4bda7894bb64943fd0b89990a1ef774dc4b4
- SSDEEP
  
  6144:YwjNLptZVfnQgkMzc042LcnGXv2RxU4fzLwy57AFV:zhZVvQgJ3k82RxUWMm7
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2