gcleaner | 868a7044f749209af352af96c2fbfb76236c59d8d3a1f11d13c0f6f0c7632288 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

868a7044f749209af352af96c2fbfb76236c59d8d3a1f11d13c0f6f0c7632288
Size

237KB
Sample

240709-lsh6paxdpk
MD5

d4808eca684f00e6857a95100c29af6c
SHA1

603caf68026133629e43c36cb75392d17a028be9
SHA256

868a7044f749209af352af96c2fbfb76236c59d8d3a1f11d13c0f6f0c7632288
SHA512

4b2a0eff9b328f527c7d163895ae7a051d656882eadc239daf96dd0bc84d65439f7e689351c79e9033149172d3fdb11fda62e1e7b80d2d8a3b82a1f44eb0d5a6
SSDEEP

3072:UI8T335NRqStxfrDhPecaJcuzizoh4FlRZlQdmM3Ah5r9Ni2uPpUmwp8J2I:/qpmSvrdxziOzCUM3cxuPpUJp8wI

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  868a7044f749209af352af96c2fbfb76236c59d8d3a1f11d13c0f6f0c7632288
- Size
  
  237KB
- MD5
  
  d4808eca684f00e6857a95100c29af6c
- SHA1
  
  603caf68026133629e43c36cb75392d17a028be9
- SHA256
  
  868a7044f749209af352af96c2fbfb76236c59d8d3a1f11d13c0f6f0c7632288
- SHA512
  
  4b2a0eff9b328f527c7d163895ae7a051d656882eadc239daf96dd0bc84d65439f7e689351c79e9033149172d3fdb11fda62e1e7b80d2d8a3b82a1f44eb0d5a6
- SSDEEP
  
  3072:UI8T335NRqStxfrDhPecaJcuzizoh4FlRZlQdmM3Ah5r9Ni2uPpUmwp8J2I:/qpmSvrdxziOzCUM3cxuPpUJp8wI
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2