gcleaner | 207b0996ed3527cfd42fcd89859d6cd50945f3f4c60e300b8d4c96ce925a26f3 | Triage

Sharing

General

Target

207b0996ed3527cfd42fcd89859d6cd50945f3f4c60e300b8d4c96ce925a26f3
Size

399KB
Sample

240620-xyvx8atcjb
MD5

7fabe35d0e6264fa09f66dffc8dcf7ed
SHA1

bf1536ddaa7a5703b31ad26f98b79cb0eba3adc1
SHA256

207b0996ed3527cfd42fcd89859d6cd50945f3f4c60e300b8d4c96ce925a26f3
SHA512

719fccacf2975ffb8c73cbd96445aaddae1a3432b15857d9bd615e1b7d9ace600757e07ac620199d76b1c6cae2181b91c501cd7780fc435e64c6df3030d582d8
SSDEEP

6144:EK7L1RzFC2BffFXo0j4PrFjKtTGO4aXNQNiNs:375lFC2l9Xo9rFjKNGO4/Y

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  207b0996ed3527cfd42fcd89859d6cd50945f3f4c60e300b8d4c96ce925a26f3
- Size
  
  399KB
- MD5
  
  7fabe35d0e6264fa09f66dffc8dcf7ed
- SHA1
  
  bf1536ddaa7a5703b31ad26f98b79cb0eba3adc1
- SHA256
  
  207b0996ed3527cfd42fcd89859d6cd50945f3f4c60e300b8d4c96ce925a26f3
- SHA512
  
  719fccacf2975ffb8c73cbd96445aaddae1a3432b15857d9bd615e1b7d9ace600757e07ac620199d76b1c6cae2181b91c501cd7780fc435e64c6df3030d582d8
- SSDEEP
  
  6144:EK7L1RzFC2BffFXo0j4PrFjKtTGO4aXNQNiNs:375lFC2l9Xo9rFjKNGO4/Y
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2