General

  • Target

    64461494adfa38ed8e6874e73d5aeb8f25f02f04f1e25576ce272ad39a2adba4

  • Size

    272KB

  • Sample

    240502-21tv6agh6y

  • MD5

    971b3277d0d79d8351f0cc74a5ea7309

  • SHA1

    1c96e5ae4017c73df5a3e2f39e28adf8e4619316

  • SHA256

    64461494adfa38ed8e6874e73d5aeb8f25f02f04f1e25576ce272ad39a2adba4

  • SHA512

    c15d4e25481164d7a6b62d3ba96a3b5fc0bf19ced797a2dd9e3e253376bf468b061f0a7a2a5a17ac5bd7601e53c92377d4b518c702c38b21d9d77efaade51307

  • SSDEEP

    6144:qTKE6S+gQjFW3bnllJJi7UBYjXQOm0x4VTlQD:oEm3bnllG7Z3rM

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks