gcleaner | 10ba5ea6d7118911b49c78c9cfcd9436291993cab57473896df6e2051f370a62 | Triage

Sharing

General

Target

10ba5ea6d7118911b49c78c9cfcd9436291993cab57473896df6e2051f370a62
Size

237KB
Sample

240709-p2m3savcqm
MD5

beb60cefe2b2df34e03597daeec17c16
SHA1

8b9f0d725cc2b398fbecde6db29550a7cca74992
SHA256

10ba5ea6d7118911b49c78c9cfcd9436291993cab57473896df6e2051f370a62
SHA512

af87a6450116b9d6958b7b8b5f960f14a23f4850b3d9e2d250052f718eef081f2f5218b883556e02c7f00ddcbda7467634d9109987363c73f80e375e16981b5f
SSDEEP

3072:xT29zMie9ASIaX7c3DHpMjksGkc+bvR3Fc2T+XZ5hV0LCuUmwp8J2B:t29aIaLGH8Ib+TRHT+J5MCuUJp8wB

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  10ba5ea6d7118911b49c78c9cfcd9436291993cab57473896df6e2051f370a62
- Size
  
  237KB
- MD5
  
  beb60cefe2b2df34e03597daeec17c16
- SHA1
  
  8b9f0d725cc2b398fbecde6db29550a7cca74992
- SHA256
  
  10ba5ea6d7118911b49c78c9cfcd9436291993cab57473896df6e2051f370a62
- SHA512
  
  af87a6450116b9d6958b7b8b5f960f14a23f4850b3d9e2d250052f718eef081f2f5218b883556e02c7f00ddcbda7467634d9109987363c73f80e375e16981b5f
- SSDEEP
  
  3072:xT29zMie9ASIaX7c3DHpMjksGkc+bvR3Fc2T+XZ5hV0LCuUmwp8J2B:t29aIaLGH8Ib+TRHT+J5MCuUJp8wB
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2