gcleaner | aaf84aa6e7419036b538047571e679779504dc665fba54753f7b07d94002c0ae | Triage

Sharing

General

Target

aaf84aa6e7419036b538047571e679779504dc665fba54753f7b07d94002c0ae
Size

296KB
Sample

240621-t36cza1hqr
MD5

554a111411e3561059a01b9cffdd5fb1
SHA1

3531f7c8cdff317f03c53f67efb4ce927d283169
SHA256

aaf84aa6e7419036b538047571e679779504dc665fba54753f7b07d94002c0ae
SHA512

565b4ef140b5703773d4c2de2825aad49b3bca7205df589a55346ffaa56529cf18b4f3f7dc96eb9cdf42984cc3f5b77ce91eb6c1e1323fb305c26b12aa6eabbb
SSDEEP

3072:B+TlOm8HrKHLwQIcwTg+Qx6cviCHQNetMq/LuYJe1AhBsXall2HXOaH3W:gOfLKH/IcwE+Qx6cvxwNIFhY1BeIZ

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  aaf84aa6e7419036b538047571e679779504dc665fba54753f7b07d94002c0ae
- Size
  
  296KB
- MD5
  
  554a111411e3561059a01b9cffdd5fb1
- SHA1
  
  3531f7c8cdff317f03c53f67efb4ce927d283169
- SHA256
  
  aaf84aa6e7419036b538047571e679779504dc665fba54753f7b07d94002c0ae
- SHA512
  
  565b4ef140b5703773d4c2de2825aad49b3bca7205df589a55346ffaa56529cf18b4f3f7dc96eb9cdf42984cc3f5b77ce91eb6c1e1323fb305c26b12aa6eabbb
- SSDEEP
  
  3072:B+TlOm8HrKHLwQIcwTg+Qx6cviCHQNetMq/LuYJe1AhBsXall2HXOaH3W:gOfLKH/IcwE+Qx6cvxwNIFhY1BeIZ
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2