General

  • Target

    c429fef03ca43b03a35ec1834d99899cca6ae63afacebc692ea88177f7bd80dd

  • Size

    246KB

  • Sample

    240402-xqhmxsaf28

  • MD5

    5e31ba1a88b6995e9f89043e1cb5ed18

  • SHA1

    a03fe047de0bb4204f35cd6324ff3834220f6095

  • SHA256

    c429fef03ca43b03a35ec1834d99899cca6ae63afacebc692ea88177f7bd80dd

  • SHA512

    c4092bd2f242e48142033aa6948111e43368be75c108efa45049714a35e0909a1276b4724ee56c594b520ad41511b9f72634d3b04b947f43294d7bf742fe4f15

  • SSDEEP

    3072:9E6G8VgqMocZ9b2EvgOBps08/6DGJPxpMpGyog1lxgrCO9xz+crPM1kXQtEGL:9ErqMocDb2ENpDDoYpeU3axz9GkAq

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      c429fef03ca43b03a35ec1834d99899cca6ae63afacebc692ea88177f7bd80dd

    • Size

      246KB

    • MD5

      5e31ba1a88b6995e9f89043e1cb5ed18

    • SHA1

      a03fe047de0bb4204f35cd6324ff3834220f6095

    • SHA256

      c429fef03ca43b03a35ec1834d99899cca6ae63afacebc692ea88177f7bd80dd

    • SHA512

      c4092bd2f242e48142033aa6948111e43368be75c108efa45049714a35e0909a1276b4724ee56c594b520ad41511b9f72634d3b04b947f43294d7bf742fe4f15

    • SSDEEP

      3072:9E6G8VgqMocZ9b2EvgOBps08/6DGJPxpMpGyog1lxgrCO9xz+crPM1kXQtEGL:9ErqMocDb2ENpDDoYpeU3axz9GkAq

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks