General

  • Target

    c109286e96f88079fc1022c84ccfd871ae55be0d1e042da50bfda0d3a4c5a5b8

  • Size

    337KB

  • Sample

    240503-qca8csbb37

  • MD5

    8152ebb935f236e6de574601510ff3d8

  • SHA1

    f8e0094099a1828ea8e7ad2532de0cef3e8eacf4

  • SHA256

    c109286e96f88079fc1022c84ccfd871ae55be0d1e042da50bfda0d3a4c5a5b8

  • SHA512

    02c6198b74e45e2c58d5fae8d8d7785045a168c6c6a21dda16f638a7b4c3bafd34422d4af3b0961755a467628b427b7c062be4682d801071bc9c72f3cc548eed

  • SSDEEP

    3072:XplEUvpDbEgi+obACd5gWbDGII0C2K0J4yoRsPLwjbEgRxf7RmtP5GFusKDJmkH:h5y3GIIfFyCsDsbbfdmVuz

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
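The extracted C2 addresses and URL path above are the indicators a responder would pivot on. The following is an added example, not part of this report, that turns them into a small proxy-log scanner: it assumes a Squid-style line format (timestamp, client, method, URL, status) and uses constructed sample log lines; the confidence tiers (host and path, host only, path only) are this example's own convention.

```python
"""Match proxy-log lines against the GCleaner C2 indicators extracted above.

Added example; the log format and sample lines are assumed/constructed."""
import re
from dataclasses import dataclass

# Indicators taken from the extracted config on this page.
C2_HOSTS = {"185.172.128.90", "5.42.65.64"}
URL_PATH = "/advdlc.php"

# Constructed sample log lines (assumed format: ts client method url status).
SAMPLE_LOG = """\
1714700000.101 10.0.0.5 GET http://185.172.128.90/advdlc.php 200
1714700001.202 10.0.0.5 GET http://example.com/index.html 200
1714700002.303 10.0.0.7 POST http://5.42.65.64/advdlc.php?id=1 200
1714700003.404 10.0.0.9 GET http://185.172.128.99/advdlc.php 404
1714700004.505 10.0.0.9 GET http://5.42.65.64/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)
# Host up to the first '/' or ':', optional port, then the path with query/fragment dropped.
URL_RE = re.compile(r"^https?://(?P<host>[^/:]+)(?::\d+)?(?P<path>/[^?#]*)?")


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    host: str
    path: str
    confidence: str  # "high": host+path, "medium": host only, "low": path only


def classify(url):
    """Return (host, path, confidence) when the URL matches an indicator, else None."""
    m = URL_RE.match(url)
    if not m:
        return None
    host, path = m.group("host"), m.group("path") or "/"
    host_hit = host in C2_HOSTS
    path_hit = path == URL_PATH
    if host_hit and path_hit:
        return host, path, "high"
    if host_hit:
        return host, path, "medium"
    if path_hit:
        # Same path on an unknown host: worth a look, but /advdlc.php alone is weak evidence.
        return host, path, "low"
    return None


def scan(log_text):
    """Scan log lines and return Hit records for every line touching an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        result = classify(m.group("url"))
        if result is not None:
            hits.append(Hit(m.group("ts"), m.group("client"), *result))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.confidence:6} {h.ts} {h.client} -> {h.host}{h.path}")
```

Running it on the constructed lines flags both C2 hosts with the beacon path as high-confidence, the bare request to 5.42.65.64 as medium, and the lookalike 185.172.128.99 serving the same path as low; the path-only tier is kept separate so an analyst does not treat a shared filename as proof of the same infrastructure.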

Targets

    • Target

      c109286e96f88079fc1022c84ccfd871ae55be0d1e042da50bfda0d3a4c5a5b8

    • Size

      337KB

    • MD5

      8152ebb935f236e6de574601510ff3d8

    • SHA1

      f8e0094099a1828ea8e7ad2532de0cef3e8eacf4

    • SHA256

      c109286e96f88079fc1022c84ccfd871ae55be0d1e042da50bfda0d3a4c5a5b8

    • SHA512

      02c6198b74e45e2c58d5fae8d8d7785045a168c6c6a21dda16f638a7b4c3bafd34422d4af3b0961755a467628b427b7c062be4682d801071bc9c72f3cc548eed

    • SSDEEP

      3072:XplEUvpDbEgi+obACd5gWbDGII0C2K0J4yoRsPLwjbEgRxf7RmtP5GFusKDJmkH:h5y3GIIfFyCsDsbbfdmVuz

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether the loader proceeds on this host.

MITRE ATT&CK Enterprise v15

Tasks