gcleaner | dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
Size

2.2MB
Sample

240308-rgcsesgh74
MD5

40e9952d6086854aeae86431ca387a1c
SHA1

f9b0087ec6e2531d0483aacaea893f90a06b1357
SHA256

dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
SHA512

18d8b9cc4598a71ac200d1a307eadf46869fa6480723dc14f5127b06bfefeb29b02328995dec9ac21ac5f3f5158b55a8e53a08b74fc378b20cbbaf51f8e34dea
SSDEEP

24576:YP3h/JPd0bJ60h7xyGWHPApPK0aTvYrbtpnSk763jc+Sd/1UuN3XzPQVwqU:YPhr0bvh7xyGmJTYbOk763jc+0NTn

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

85.31.45.39

85.31.45.250

85.31.45.251

85.31.45.88

Attributes

url_path
/b.php

/d.php

/d.php

Targets

- Target
  
  dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
- Size
  
  2.2MB
- MD5
  
  40e9952d6086854aeae86431ca387a1c
- SHA1
  
  f9b0087ec6e2531d0483aacaea893f90a06b1357
- SHA256
  
  dd303f9c85073861ab77863814c1ffe48e3d46fec126f2be246837ee7930ff6c
- SHA512
  
  18d8b9cc4598a71ac200d1a307eadf46869fa6480723dc14f5127b06bfefeb29b02328995dec9ac21ac5f3f5158b55a8e53a08b74fc378b20cbbaf51f8e34dea
- SSDEEP
  
  24576:YP3h/JPd0bJ60h7xyGWHPApPK0aTvYrbtpnSk763jc+Sd/1UuN3XzPQVwqU:YPhr0bvh7xyGmJTYbOk763jc+0NTn
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2