gcleaner | 04cd9eda36e091e9d49917d57852970587b38ac173d58c021e4573968fa35862 | Triage

Sharing

General

Target

04cd9eda36e091e9d49917d57852970587b38ac173d58c021e4573968fa35862
Size

267KB
Sample

240621-m8hersxcjc
MD5

758ef3ac70bed09148f5afde3f920008
SHA1

98631abb82801bd19df3c9ed19688464c9131915
SHA256

04cd9eda36e091e9d49917d57852970587b38ac173d58c021e4573968fa35862
SHA512

a55e3aae3f531f5ce5be6165aa3d9d7c72785acd58e20b01204a49a9ca7b41e4a20b7fd02d58f69d7af39ec5baa406bc09a7f2c55e79307d05d4a5c5318ed715
SSDEEP

3072:zWG8bdodavOTlIV+2WMEf8QyKRqgZP9FO8DI0TS/AY6gw/M87z2:zl8bdOxIUJFp9k8DHt/

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  04cd9eda36e091e9d49917d57852970587b38ac173d58c021e4573968fa35862
- Size
  
  267KB
- MD5
  
  758ef3ac70bed09148f5afde3f920008
- SHA1
  
  98631abb82801bd19df3c9ed19688464c9131915
- SHA256
  
  04cd9eda36e091e9d49917d57852970587b38ac173d58c021e4573968fa35862
- SHA512
  
  a55e3aae3f531f5ce5be6165aa3d9d7c72785acd58e20b01204a49a9ca7b41e4a20b7fd02d58f69d7af39ec5baa406bc09a7f2c55e79307d05d4a5c5318ed715
- SSDEEP
  
  3072:zWG8bdodavOTlIV+2WMEf8QyKRqgZP9FO8DI0TS/AY6gw/M87z2:zl8bdOxIUJFp9k8DHt/
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2