gcleaner | 6630dc597492000e40fb1bbff37712ff3146080dff4d4c937bdd3d145b8b7843 | Triage

Sharing

General

Target

6630dc597492000e40fb1bbff37712ff3146080dff4d4c937bdd3d145b8b7843
Size

370KB
Sample

240710-ad1awawcnc
MD5

a580b91155c0870f7ff1e9dc0ee85328
SHA1

474b5b52d7ec66a6de7164d903275b4759851431
SHA256

6630dc597492000e40fb1bbff37712ff3146080dff4d4c937bdd3d145b8b7843
SHA512

04f20fab6d4ba08542a047988241e4b9d2b6c12a8f39b717973a5eb40c0b49c41ea06aeadc3bbd0abedb5090528ec7172cdb75e60ea863a44478f13f4bc7a68d
SSDEEP

6144:Sy5ngvXvVhXkqnmWuWxEIc9FXp/Q5owrHaLZUJp8TM:95ng/NhXbnmiEV9FZIYU7

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

77.105.160.30

185.172.128.69

Targets

- Target
  
  6630dc597492000e40fb1bbff37712ff3146080dff4d4c937bdd3d145b8b7843
- Size
  
  370KB
- MD5
  
  a580b91155c0870f7ff1e9dc0ee85328
- SHA1
  
  474b5b52d7ec66a6de7164d903275b4759851431
- SHA256
  
  6630dc597492000e40fb1bbff37712ff3146080dff4d4c937bdd3d145b8b7843
- SHA512
  
  04f20fab6d4ba08542a047988241e4b9d2b6c12a8f39b717973a5eb40c0b49c41ea06aeadc3bbd0abedb5090528ec7172cdb75e60ea863a44478f13f4bc7a68d
- SSDEEP
  
  6144:Sy5ngvXvVhXkqnmWuWxEIc9FXp/Q5owrHaLZUJp8TM:95ng/NhXbnmiEV9FZIYU7
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2