gcleaner | eed4a4681af34018383d7920ecde367f13e7d7cd1c975781f04721626fe27cae | Triage

Sharing

General

Target

eed4a4681af34018383d7920ecde367f13e7d7cd1c975781f04721626fe27cae
Size

250KB
Sample

240622-pmn2jasbmk
MD5

9dbf0ab1282149bc82dff345abaadb08
SHA1

4fbed20722f1c70d8de684ab7575d31354c67c9e
SHA256

eed4a4681af34018383d7920ecde367f13e7d7cd1c975781f04721626fe27cae
SHA512

7f4c62279a3a844ab9d261fa7a91789f06298381f5355f641d28370b0dd6f0fb26849205e33c619ab302b9df4caa25c5d25671d240c1eb85cc93f368a807966f
SSDEEP

6144:WxGHgI7iY80DQS4Fm2nvB8/MPjYBVVF23M:W0HgIm2QSCm2nZ/Ym3

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  eed4a4681af34018383d7920ecde367f13e7d7cd1c975781f04721626fe27cae
- Size
  
  250KB
- MD5
  
  9dbf0ab1282149bc82dff345abaadb08
- SHA1
  
  4fbed20722f1c70d8de684ab7575d31354c67c9e
- SHA256
  
  eed4a4681af34018383d7920ecde367f13e7d7cd1c975781f04721626fe27cae
- SHA512
  
  7f4c62279a3a844ab9d261fa7a91789f06298381f5355f641d28370b0dd6f0fb26849205e33c619ab302b9df4caa25c5d25671d240c1eb85cc93f368a807966f
- SSDEEP
  
  6144:WxGHgI7iY80DQS4Fm2nvB8/MPjYBVVF23M:W0HgIm2QSCm2nZ/Ym3
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2