General

  • Target

    b6705cf3f30d2a43e59211b422a7e4615df89f2abb665913cca1a42dfa3439b3

  • Size

    284KB

  • Sample

    240503-ekx7baee7s

  • MD5

    0ed9292e1946d472b8855fc0955a34dd

  • SHA1

    7eee841bf74ecb99b4646ab7ee3b02553238decc

  • SHA256

    b6705cf3f30d2a43e59211b422a7e4615df89f2abb665913cca1a42dfa3439b3

  • SHA512

    c3a2e8abaa7f5423263a9e431e49d92f5ffbdb1577995e5ef60f22903c98bb557fe43bec38e43996efa072e14cd534bd6e1acc67477a0df6c5bb73e132aee1ef

  • SSDEEP

    3072:V8yBHCdzgEMp6LimDJYPYBYYaRvh0LAbGFZeQc1pJqEAI5c4gBQbn5h:jHCd81p47lD+YStGFZOPqEA940QD5

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks