General

  • Target

    7a29851354e79e81196b11b6c0f58e6688ad0b836ebfa90901e6820575bb95d1

  • Size

    313KB

  • Sample

    240403-h6vj4aad71

  • MD5

    2bc0f06eabd5311d1f8140c75d714bdb

  • SHA1

    aae59221a4b751b23825eea8f408cb6254e311dd

  • SHA256

    7a29851354e79e81196b11b6c0f58e6688ad0b836ebfa90901e6820575bb95d1

  • SHA512

    16d13750f367606c9271f732ba5a35543c72b96edecfbecb4fa33100d85cb355a16352d3c31b5c96c303d3431d0233aabb6e3c14b4a352ad5c7a716ce7db59d6

  • SSDEEP

    6144:83lGQ1wwezUW51dZS5lrp/QVY+1CtiMT:83lGQmjN51dclrdQZ+3

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      7a29851354e79e81196b11b6c0f58e6688ad0b836ebfa90901e6820575bb95d1

    • Size

      313KB

    • MD5

      2bc0f06eabd5311d1f8140c75d714bdb

    • SHA1

      aae59221a4b751b23825eea8f408cb6254e311dd

    • SHA256

      7a29851354e79e81196b11b6c0f58e6688ad0b836ebfa90901e6820575bb95d1

    • SHA512

      16d13750f367606c9271f732ba5a35543c72b96edecfbecb4fa33100d85cb355a16352d3c31b5c96c303d3431d0233aabb6e3c14b4a352ad5c7a716ce7db59d6

    • SSDEEP

      6144:83lGQ1wwezUW51dZS5lrp/QVY+1CtiMT:83lGQmjN51dclrdQZ+3

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks