gcleaner | 03525f80e4c679308884038c3726058398ee957fa885ddcf5d57087e4e28ebf2 | Triage

Sharing

General

Target

03525f80e4c679308884038c3726058398ee957fa885ddcf5d57087e4e28ebf2
Size

316KB
Sample

240328-17hk2aag22
MD5

6270f1801e2389eb5cf0e773460738c9
SHA1

1364b5f0562a063688dd3229b12030d85e524f6e
SHA256

03525f80e4c679308884038c3726058398ee957fa885ddcf5d57087e4e28ebf2
SHA512

adc93a0b48b06bdf46b766f54a74eb05da4e6e36bda532b9b34c86762cb97d69d8f2dd50c616057f683fae50c917dc6c6e4cb8a0334390bb64c834eedddd7028
SSDEEP

3072:axSrqkYWoy8W+bV/XstA1aor+yllpPEJGYrlnX7oa4xSmhK2DC8DRsuwSG0g:axHy8W0aA1dlJEJGi7oa40mrDC8zG

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  03525f80e4c679308884038c3726058398ee957fa885ddcf5d57087e4e28ebf2
- Size
  
  316KB
- MD5
  
  6270f1801e2389eb5cf0e773460738c9
- SHA1
  
  1364b5f0562a063688dd3229b12030d85e524f6e
- SHA256
  
  03525f80e4c679308884038c3726058398ee957fa885ddcf5d57087e4e28ebf2
- SHA512
  
  adc93a0b48b06bdf46b766f54a74eb05da4e6e36bda532b9b34c86762cb97d69d8f2dd50c616057f683fae50c917dc6c6e4cb8a0334390bb64c834eedddd7028
- SSDEEP
  
  3072:axSrqkYWoy8W+bV/XstA1aor+yllpPEJGYrlnX7oa4xSmhK2DC8DRsuwSG0g:axHy8W0aA1dlJEJGi7oa40mrDC8zG
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2