gcleaner | 4edbd44e24ae08b8c3466ad3522cb73ade37df9528864a238b643050914c1217 | Triage

Sharing

General

Target

4edbd44e24ae08b8c3466ad3522cb73ade37df9528864a238b643050914c1217
Size

2.7MB
Sample

231101-v1rx8scg84
MD5

f1548fa91906e9a0c2a121041db32833
SHA1

6d4b3857817ccc324358b72f1a371f4da1141db4
SHA256

4edbd44e24ae08b8c3466ad3522cb73ade37df9528864a238b643050914c1217
SHA512

38ba001f9f44d1fc017e7c124c1210c9f710cc435cb5a376b8deae7d4cfb4d930e17c6d496c4ea1b056ebcb18d4d739ee59adbb0776396067330fd3cd00ff8cd
SSDEEP

49152:MOprpVWuoKMJaNJjdqn4dwH5MalHX8va6:NpVrLMJaNJjdqn4dwH5M8Aa6

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.106.156

37.139.129.24

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Targets

- Target
  
  4edbd44e24ae08b8c3466ad3522cb73ade37df9528864a238b643050914c1217
- Size
  
  2.7MB
- MD5
  
  f1548fa91906e9a0c2a121041db32833
- SHA1
  
  6d4b3857817ccc324358b72f1a371f4da1141db4
- SHA256
  
  4edbd44e24ae08b8c3466ad3522cb73ade37df9528864a238b643050914c1217
- SHA512
  
  38ba001f9f44d1fc017e7c124c1210c9f710cc435cb5a376b8deae7d4cfb4d930e17c6d496c4ea1b056ebcb18d4d739ee59adbb0776396067330fd3cd00ff8cd
- SSDEEP
  
  49152:MOprpVWuoKMJaNJjdqn4dwH5MalHX8va6:NpVrLMJaNJjdqn4dwH5M8Aa6
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2