gcleaner | 33d5b1e3e8370c452d43a5214243c39161aec8807af4bf3d7fc2e3c0c75d16a6 | Triage

Sharing

General

Target

33d5b1e3e8370c452d43a5214243c39161aec8807af4bf3d7fc2e3c0c75d16a6
Size

264KB
Sample

240621-w3zljataqq
MD5

2f08961611a8551a6eca8c1283282f4c
SHA1

28569893137943505163fb12b95dca696dec9043
SHA256

33d5b1e3e8370c452d43a5214243c39161aec8807af4bf3d7fc2e3c0c75d16a6
SHA512

6e861ebfdd6edad1f80220c9a24373e08213c16109f9de5fd4fdf4111060b20b2b32d63cd085ce97a67578ac7fe40f4d6a087d2c2399b1675145db6dcf198aa0
SSDEEP

3072:3B248aZ5NhPtrB/8jhLCgr+dT2I9uhrroaoXreZByQvOqMM7UX1u+I0D2ZQaH3W:3SaHNhNBMhOS+kIxa0oByQmtBGD

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  33d5b1e3e8370c452d43a5214243c39161aec8807af4bf3d7fc2e3c0c75d16a6
- Size
  
  264KB
- MD5
  
  2f08961611a8551a6eca8c1283282f4c
- SHA1
  
  28569893137943505163fb12b95dca696dec9043
- SHA256
  
  33d5b1e3e8370c452d43a5214243c39161aec8807af4bf3d7fc2e3c0c75d16a6
- SHA512
  
  6e861ebfdd6edad1f80220c9a24373e08213c16109f9de5fd4fdf4111060b20b2b32d63cd085ce97a67578ac7fe40f4d6a087d2c2399b1675145db6dcf198aa0
- SSDEEP
  
  3072:3B248aZ5NhPtrB/8jhLCgr+dT2I9uhrroaoXreZByQvOqMM7UX1u+I0D2ZQaH3W:3SaHNhNBMhOS+kIxa0oByQmtBGD
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2