gcleaner | 3eb76d6ba4da9317d14ba30e738fd31f6233399c945c17b3432da26bda2d2bc5 | Triage

Sharing

General

Target

3eb76d6ba4da9317d14ba30e738fd31f6233399c945c17b3432da26bda2d2bc5
Size

298KB
Sample

240621-pwdl6azeje
MD5

7a5b4d1acfcf7254b548d7c398677bec
SHA1

f58bd58bce8c106c3f0e23fac7f1bbdb390004ed
SHA256

3eb76d6ba4da9317d14ba30e738fd31f6233399c945c17b3432da26bda2d2bc5
SHA512

e605c274c445d7ab331fe1d05d8db26c7fe8d007dd0a02dd95e73c17233f7282fb61871eff2c0e6d5a4863ac0f2f2ac6eaf5e716884d04c524750cf60ed64707
SSDEEP

6144:FDwkbztVn3FIqgMVAfuO/Typ80VXiQX/:F8kbztrAJO7zv

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3eb76d6ba4da9317d14ba30e738fd31f6233399c945c17b3432da26bda2d2bc5
- Size
  
  298KB
- MD5
  
  7a5b4d1acfcf7254b548d7c398677bec
- SHA1
  
  f58bd58bce8c106c3f0e23fac7f1bbdb390004ed
- SHA256
  
  3eb76d6ba4da9317d14ba30e738fd31f6233399c945c17b3432da26bda2d2bc5
- SHA512
  
  e605c274c445d7ab331fe1d05d8db26c7fe8d007dd0a02dd95e73c17233f7282fb61871eff2c0e6d5a4863ac0f2f2ac6eaf5e716884d04c524750cf60ed64707
- SSDEEP
  
  6144:FDwkbztVn3FIqgMVAfuO/Typ80VXiQX/:F8kbztrAJO7zv
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2