General

  • Target

    d5ca492a5e2bbaf11fb1b5c41b9ab76308cb13a4dc2b5ddd9d79ec8acfee0626

  • Size

    349KB

  • Sample

    240503-fvl3gafh7w

  • MD5

    679ff62edcf27bdc96970bf18a6aee82

  • SHA1

    64ba5b5be24662af28c85d9e7af0afd9c5903366

  • SHA256

    d5ca492a5e2bbaf11fb1b5c41b9ab76308cb13a4dc2b5ddd9d79ec8acfee0626

  • SHA512

    48525e2c2d283ea7731dee58b2d187940cb969948e3458c5b6ede11b951c9d63a0e9d5e8e6d53df35cac247e562cca45a90e3ba575f7338e88157df7e1a29154

  • SSDEEP

    6144:Ax5WUFf+JrKUBbMwj7F4La1XpgDdr6eZUzxtI:AfT+Jr1BbMeBpgBJm

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks