General

  • Target

    e4c9fb22f6871a7e949dad9346d211f0ddc63bf316c0f666e24a04aca0fb2950

  • Size

    247KB

  • Sample

    240402-prptmaac59

  • MD5

    1f0bd12c5c3db34be0def451a279b60d

  • SHA1

    9ff62ba907c1b76143d2a62d45c9584cdee6e1fd

  • SHA256

    e4c9fb22f6871a7e949dad9346d211f0ddc63bf316c0f666e24a04aca0fb2950

  • SHA512

    8e888f3920ec8a8ac9740dc48d1cfd5581d3844a8f973e5a13e13fb9f00feb21a96cc0077b277ccc09953a27ad915a41eabc0b9a623f0c1c99faceed7fdc28f3

  • SSDEEP

    3072:S94fQ3h9g2sgjHUXGkb2eJmDG5ig/dO1CNAL5On72yhOZdvPjioiwJlmQ1Psp0G:S9N3h9g2sJQDGggV5B4zJP1Pg0G

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
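The extracted configuration above gives two concrete network indicators: the C2 addresses and the request path the loader uses. The following Python is an added example, not part of the sandbox report, showing how a responder would turn those indicators into a scan over proxy log lines and grade each hit by how specific the evidence is. The log lines are constructed for illustration, and the squid-style column layout, the `Hit` record and the severity labels are assumptions of this example rather than anything the report specifies.

```python
"""Added example: match the GCleaner config from this report against proxy logs.

Indicators (C2 IPs, url_path) are copied from the report's Malware Config
section; everything else (log format, severity scheme) is assumed here.
"""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple
from urllib.parse import urlsplit

# Indicators taken from the "Malware Config" section of the report.
GCLEANER_C2: Set[str] = {"185.172.128.90", "5.42.65.64"}
GCLEANER_URL_PATH = "/advdlc.php"

# Constructed sample proxy log (assumed squid-like layout):
# <timestamp> <client> <method> <url> <status>
SAMPLE_LOG = """\
1712045100.123 10.0.0.12 GET http://185.172.128.90/advdlc.php?id=1 200
1712045101.456 10.0.0.12 GET http://example.com/index.html 200
1712045102.789 10.0.0.31 POST http://5.42.65.64:80/advdlc.php 200
1712045103.000 10.0.0.44 GET http://93.184.216.34/advdlc.php 404
1712045104.321 10.0.0.12 GET http://185.172.128.90/other.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    host: str
    path: str
    reasons: Tuple[str, ...]
    severity: str


def classify(url: str) -> Tuple[str, str, Tuple[str, ...]]:
    """Return (host, path, reasons) for one URL against the extracted config."""
    parts = urlsplit(url)
    host = parts.hostname or ""      # hostname drops any :port suffix
    path = parts.path
    reasons = []
    if host in GCLEANER_C2:
        reasons.append("known_c2_ip")
    if path == GCLEANER_URL_PATH:
        reasons.append("c2_url_path")
    return host, path, tuple(reasons)


def severity_for(reasons: Tuple[str, ...]) -> str:
    """Grade a hit: both indicators together are strong; an IP alone may be
    re-used hosting; a generic .php name alone is only a lead to review."""
    if "known_c2_ip" in reasons and "c2_url_path" in reasons:
        return "high"
    if "known_c2_ip" in reasons:
        return "medium"
    return "low"


def scan(log_text: str) -> List[Hit]:
    """Scan log lines and return every line matching at least one indicator."""
    hits: List[Hit] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        host, path, reasons = classify(m["url"])
        if reasons:
            hits.append(Hit(n, m["client"], host, path, reasons, severity_for(reasons)))
    return hits


def clients_to_triage(hits: List[Hit]) -> Set[str]:
    """Internal hosts that actually talked to a known C2 address."""
    return {h.client for h in hits if h.severity in ("high", "medium")}


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} -> {h.host}{h.path} [{h.severity}] {h.reasons}")
    print("triage:", sorted(clients_to_triage(scan(SAMPLE_LOG))))
```

Run it against a real proxy export by replacing `SAMPLE_LOG`; the point of the severity grading is that `/advdlc.php` on an unrelated host (line 4 in the sample) is a lead, not a verdict, while traffic to either C2 address is worth isolating the client over regardless of path.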

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check so the loader only runs on hosts outside excluded regions.
