gcleaner | fba5f261b2d096ac50c3241a8a5fa08af6fc784abf3e155baa69f8db15f4849c | Triage

Sharing

General

Target

fba5f261b2d096ac50c3241a8a5fa08af6fc784abf3e155baa69f8db15f4849c
Size

377KB
Sample

240616-t4mx1szerb
MD5

6e4cde98b93c0226f48b4af5c28c69b3
SHA1

84539053e18bbba9fa744bdec66a608df77bb545
SHA256

fba5f261b2d096ac50c3241a8a5fa08af6fc784abf3e155baa69f8db15f4849c
SHA512

8cbe25324082ccea3b36140d940b92ce6f0291726fdc8762020b48b4e77d7a53ccc71e1c63fdcf534e0e3cd2e4b444b77da0812bbaab9d9880dc540d4eb27bff
SSDEEP

6144:nFR3hae6Ax+No4g4mV/W9zBUysUg4Me/CKTcbmqrxuDIOubT2:FKe6AH4zMkzBUyseCFmqr8D/8

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  fba5f261b2d096ac50c3241a8a5fa08af6fc784abf3e155baa69f8db15f4849c
- Size
  
  377KB
- MD5
  
  6e4cde98b93c0226f48b4af5c28c69b3
- SHA1
  
  84539053e18bbba9fa744bdec66a608df77bb545
- SHA256
  
  fba5f261b2d096ac50c3241a8a5fa08af6fc784abf3e155baa69f8db15f4849c
- SHA512
  
  8cbe25324082ccea3b36140d940b92ce6f0291726fdc8762020b48b4e77d7a53ccc71e1c63fdcf534e0e3cd2e4b444b77da0812bbaab9d9880dc540d4eb27bff
- SSDEEP
  
  6144:nFR3hae6Ax+No4g4mV/W9zBUysUg4Me/CKTcbmqrxuDIOubT2:FKe6AH4zMkzBUyseCFmqr8D/8
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2