gcleaner | bacf69c50d5446f9e07d9a6513b8b0fec399ad1ba809efb6e2473d6716072b46 | Triage

Sharing

General

Target

bacf69c50d5446f9e07d9a6513b8b0fec399ad1ba809efb6e2473d6716072b46
Size

296KB
Sample

240621-25grdsvbnc
MD5

b6977758268c61c04cd76f5f46c1f61e
SHA1

cb052cc47eda1d8f04bbb77b1fc8924098ecb0f8
SHA256

bacf69c50d5446f9e07d9a6513b8b0fec399ad1ba809efb6e2473d6716072b46
SHA512

16104238d7bb101826a069298c8ae45e78e811e228ccc6490e4e00b6de40e6f851202aa97f1110adbff37a6fc0f57580a833be6dd38463382d85459d8fa21880
SSDEEP

6144:jeMIvBjrcollXy9OrHXGaIcUX0HWPM6cpVUF23M:jeMIvBjrflEwWaIcUERP3

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  bacf69c50d5446f9e07d9a6513b8b0fec399ad1ba809efb6e2473d6716072b46
- Size
  
  296KB
- MD5
  
  b6977758268c61c04cd76f5f46c1f61e
- SHA1
  
  cb052cc47eda1d8f04bbb77b1fc8924098ecb0f8
- SHA256
  
  bacf69c50d5446f9e07d9a6513b8b0fec399ad1ba809efb6e2473d6716072b46
- SHA512
  
  16104238d7bb101826a069298c8ae45e78e811e228ccc6490e4e00b6de40e6f851202aa97f1110adbff37a6fc0f57580a833be6dd38463382d85459d8fa21880
- SSDEEP
  
  6144:jeMIvBjrcollXy9OrHXGaIcUX0HWPM6cpVUF23M:jeMIvBjrflEwWaIcUERP3
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2