gcleaner | 7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e | Triage

Sharing

General

Target

7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e
Size

313KB
Sample

240621-fqhjgsyeka
MD5

0ff1685cec809ef4ad6f87eaaa511469
SHA1

4374b34338c6dbf9b86b32c9174836ee3689389b
SHA256

7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e
SHA512

5b61991b865b3c6a3959abc3b6f6b4e6ea575ecec3f1dbc3746c6858861cf0e2801a3a9719053a831bc27401b2841f70a135e88a8865102813496c036195f0a9
SSDEEP

3072:IeXEKUxdeKCXf/x7GKKqbjxLorIHFapgCIHeYvEKeOiLDvmJQ39Sdu8gw/M87tf:5U1/Zcf/xCCCrzpgrxleFLDvmO9SEu/

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e
- Size
  
  313KB
- MD5
  
  0ff1685cec809ef4ad6f87eaaa511469
- SHA1
  
  4374b34338c6dbf9b86b32c9174836ee3689389b
- SHA256
  
  7b1aba84c56e0ba389be083eeb723fa58cd6b1b89ccd9da368aec078afe6815e
- SHA512
  
  5b61991b865b3c6a3959abc3b6f6b4e6ea575ecec3f1dbc3746c6858861cf0e2801a3a9719053a831bc27401b2841f70a135e88a8865102813496c036195f0a9
- SSDEEP
  
  3072:IeXEKUxdeKCXf/x7GKKqbjxLorIHFapgCIHeYvEKeOiLDvmJQ39Sdu8gw/M87tf:5U1/Zcf/xCCCrzpgrxleFLDvmO9SEu/
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2