gcleaner | 54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b | Triage

Submit
Reports

Overview

overview

Static

static

3

54896bfdde...3b.exe

windows7-x64

54896bfdde...3b.exe

windows10-2004-x64

Sharing

General

Target

54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b
Size

253KB
Sample

240625-z8aq5swgpr
MD5

07a81c3a25260a6fc1575bc83d9eef63
SHA1

800e6ca67807efc53d4c165091471f034329cde7
SHA256

54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b
SHA512

4e15240e7d5ff7db4acbff5dcdfdeb6f40c93d8b2836c532c68f2d1d0a79ed1daaf50e95e74484c85672e3a1e168ba1c425115a8f44f30cbd022adc068966258
SSDEEP

3072:djZ7gH2N1txNgOT6xYrV1Hz2Hy3iU79HllHkNYUceoD2lVgxsaniXJuLhK:d6H2N1tjzHCHAiU7VkywSiI4

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b.exe

Resource

win7-20240419-en

gcleaner loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b.exe

Resource

win10v2004-20240226-en

gcleaner loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b
- Size
  
  253KB
- MD5
  
  07a81c3a25260a6fc1575bc83d9eef63
- SHA1
  
  800e6ca67807efc53d4c165091471f034329cde7
- SHA256
  
  54896bfdde0d66c3fc85898e90aa2359a51358d4fddbad8f13302b3e4cf3a83b
- SHA512
  
  4e15240e7d5ff7db4acbff5dcdfdeb6f40c93d8b2836c532c68f2d1d0a79ed1daaf50e95e74484c85672e3a1e168ba1c425115a8f44f30cbd022adc068966258
- SSDEEP
  
  3072:djZ7gH2N1txNgOT6xYrV1Hz2Hy3iU79HllHkNYUceoD2lVgxsaniXJuLhK:d6H2N1tjzHCHAiU7VkywSiI4
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy