gcleaner | f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9 | Triage

Sharing

General

Target

f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
Size

311KB
Sample

240712-gf4jmstaqb
MD5

c97388da696eb8faa014fe1bfd156874
SHA1

855a68cc100fae5e51a9cb1f79c80ce0989e00ed
SHA256

f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
SHA512

d01f4d789c2102d8d50b237360dba661a0970c8625dacaf36385792eb2723cd7301642f8d41fb15f90393c7c4b792a585ccc6b6bc3020a3e96f41d0d6178af4d
SSDEEP

3072:ukqx3j3DBWYiAVf/45nW6q8eEaoHiskQIUITJBKSvB4bqq5jS3Me308TXGs/N:uj3pndf/2W6gEaokhBPvBzee35V/

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
- Size
  
  311KB
- MD5
  
  c97388da696eb8faa014fe1bfd156874
- SHA1
  
  855a68cc100fae5e51a9cb1f79c80ce0989e00ed
- SHA256
  
  f03e8b7cb69fb4f0c4547257a4952a0c5be8f76dff3fddd0d161b099480df0b9
- SHA512
  
  d01f4d789c2102d8d50b237360dba661a0970c8625dacaf36385792eb2723cd7301642f8d41fb15f90393c7c4b792a585ccc6b6bc3020a3e96f41d0d6178af4d
- SSDEEP
  
  3072:ukqx3j3DBWYiAVf/45nW6q8eEaoHiskQIUITJBKSvB4bqq5jS3Me308TXGs/N:uj3pndf/2W6gEaokhBPvBzee35V/
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2