General

  • Target

    8b978e1829a9965643026c68e329b5f0846855445fd5cb02ebcb46387e556460

  • Size

    272KB

  • Sample

    240502-yha4jsee61

  • MD5

    3bb26deba3865b0aa4adc43790dc50e7

  • SHA1

    a979e352def9710737e87dadb21099c36ef9f32d

  • SHA256

    8b978e1829a9965643026c68e329b5f0846855445fd5cb02ebcb46387e556460

  • SHA512

    3b79cf3850273e3b2bd1693b40a1a195f12c9f22c77c39ba11fdd15c71341389cc870d6e93cdcf5f39cbd4b65f4638243bd2e9ba85667fb752724743105deb0d

  • SSDEEP

    3072:8LL949WxvC1sykvaw8UAPpC0/cGHBHmsTvJ1l+6zMAkkL5WlgBBQbn:8LL949h1hkhABdcOBZ1l+6Y5kgSPQD

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.
