gcleaner | c9d8503b7fc83720447ab6f5bb00c2844417eb415129af3438f9f933f43d44c2 | Triage

Sharing

General

Target

c9d8503b7fc83720447ab6f5bb00c2844417eb415129af3438f9f933f43d44c2
Size

362KB
Sample

240621-a63lpsyajk
MD5

bcb19d0d8c67d09189350dcb304bcad8
SHA1

8ee52d59f418ef462835ce99036feaefde6782a7
SHA256

c9d8503b7fc83720447ab6f5bb00c2844417eb415129af3438f9f933f43d44c2
SHA512

bff7a51690dbc79c8d5813568bea718da50ef450d6c5fd681b3432d7ea31e47e80e0e0cd8caeb1921107cf11b86935f07606f9d7971776ba05b87e161b0ab2c5
SSDEEP

6144:Vc6L1LQgGOtgTd69zyGVIu/EiRZd4J1BJ1QPg2X:T5kgGOtSdayQIGrRZ6Bp

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  c9d8503b7fc83720447ab6f5bb00c2844417eb415129af3438f9f933f43d44c2
- Size
  
  362KB
- MD5
  
  bcb19d0d8c67d09189350dcb304bcad8
- SHA1
  
  8ee52d59f418ef462835ce99036feaefde6782a7
- SHA256
  
  c9d8503b7fc83720447ab6f5bb00c2844417eb415129af3438f9f933f43d44c2
- SHA512
  
  bff7a51690dbc79c8d5813568bea718da50ef450d6c5fd681b3432d7ea31e47e80e0e0cd8caeb1921107cf11b86935f07606f9d7971776ba05b87e161b0ab2c5
- SSDEEP
  
  6144:Vc6L1LQgGOtgTd69zyGVIu/EiRZd4J1BJ1QPg2X:T5kgGOtSdayQIGrRZ6Bp
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2