gcleaner | 005a6c46cffbfe98866f4a8af8f53448379df78845f7b0808865b7d49292f12c | Triage

Sharing

General

Target

005a6c46cffbfe98866f4a8af8f53448379df78845f7b0808865b7d49292f12c
Size

397KB
Sample

240616-vzt17svank
MD5

43eb89c4242fd677c68602bac332e5ed
SHA1

cc364645bb1e2c79888d4fad5c9cf58d3b85d30a
SHA256

005a6c46cffbfe98866f4a8af8f53448379df78845f7b0808865b7d49292f12c
SHA512

e8bf1f44f3934c2f1090fcaf5551f5c6d7dbeba147b3f1bc02b8b7083a7c654e84ef22bfa11128941d5f1bbb85733fcf89a25fb826e70902ade34797408fe852
SSDEEP

6144:wjWL3Jk8suk3Gaiv+UNrbYVrv7caQ7wuPIEwwy57ApV:widkwk3GaimAwG7m7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  005a6c46cffbfe98866f4a8af8f53448379df78845f7b0808865b7d49292f12c
- Size
  
  397KB
- MD5
  
  43eb89c4242fd677c68602bac332e5ed
- SHA1
  
  cc364645bb1e2c79888d4fad5c9cf58d3b85d30a
- SHA256
  
  005a6c46cffbfe98866f4a8af8f53448379df78845f7b0808865b7d49292f12c
- SHA512
  
  e8bf1f44f3934c2f1090fcaf5551f5c6d7dbeba147b3f1bc02b8b7083a7c654e84ef22bfa11128941d5f1bbb85733fcf89a25fb826e70902ade34797408fe852
- SSDEEP
  
  6144:wjWL3Jk8suk3Gaiv+UNrbYVrv7caQ7wuPIEwwy57ApV:widkwk3GaimAwG7m7
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2