gcleaner | fee89deac4162c2e3516a5c72225f57f81662cabefefb8de06c8a7a77b9d10b5 | Triage

Sharing

General

Target

fee89deac4162c2e3516a5c72225f57f81662cabefefb8de06c8a7a77b9d10b5
Size

398KB
Sample

240624-xx8gxsycrh
MD5

1ffc6e6d79fc16c389cb23c217bb3fad
SHA1

dfa799918f9aec45d0fdb5bfb3e03a89a77378ae
SHA256

fee89deac4162c2e3516a5c72225f57f81662cabefefb8de06c8a7a77b9d10b5
SHA512

d8dc035b7cd545287e0ea6f4ca7ce6eb1ed80ff00e10a4f1759f905fdb9be399565b65c0cf61dae3f746d979b36d4780b845115ef5b8c7167e14fdca77467fe9
SSDEEP

3072:vTS4zuqL65IW38lLOOqsPNRHPrvxAn99kNLYYb989AI50vSaK95qRJ9rfwzQT5bL:vWFqLfW3wv3HHrxA9ub9CIRLrf0w

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  fee89deac4162c2e3516a5c72225f57f81662cabefefb8de06c8a7a77b9d10b5
- Size
  
  398KB
- MD5
  
  1ffc6e6d79fc16c389cb23c217bb3fad
- SHA1
  
  dfa799918f9aec45d0fdb5bfb3e03a89a77378ae
- SHA256
  
  fee89deac4162c2e3516a5c72225f57f81662cabefefb8de06c8a7a77b9d10b5
- SHA512
  
  d8dc035b7cd545287e0ea6f4ca7ce6eb1ed80ff00e10a4f1759f905fdb9be399565b65c0cf61dae3f746d979b36d4780b845115ef5b8c7167e14fdca77467fe9
- SSDEEP
  
  3072:vTS4zuqL65IW38lLOOqsPNRHPrvxAn99kNLYYb989AI50vSaK95qRJ9rfwzQT5bL:vWFqLfW3wv3HHrxA9ub9CIRLrf0w
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2