General

  • Target

    919abe5b43eeec2da2be2984eba1d19a6aa8e17d418cde57236b634d9415e6da

  • Size

    361KB

  • Sample

    240503-tkmsxadf23

  • MD5

    38835f56e057c3d1d73b23a0541e73de

  • SHA1

    4208cab8c29c14bf7045c10ce070e38253d4d5d6

  • SHA256

    919abe5b43eeec2da2be2984eba1d19a6aa8e17d418cde57236b634d9415e6da

  • SHA512

    5f1886367e25094aefb311a562dc98e4ea16e840d440c240ae173bc7c2f0e612356519418dd26ca54ef86ca5ce6e0970bd93554a250f6fa526ebc89f9d80224c

  • SSDEEP

    3072:v/RWx3Gp/rvbxB+gTpjCI1yk7i1E0eBetbZpuQxKwcRW5t/EicwC2RExdSigqpxq:ckl7j1pkE0LWY5lcwC1dyc10WNni

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

  • url_path

    /advdlc.php

Targets

    • Target

      919abe5b43eeec2da2be2984eba1d19a6aa8e17d418cde57236b634d9415e6da

    • Size

      361KB

    • MD5

      38835f56e057c3d1d73b23a0541e73de

    • SHA1

      4208cab8c29c14bf7045c10ce070e38253d4d5d6

    • SHA256

      919abe5b43eeec2da2be2984eba1d19a6aa8e17d418cde57236b634d9415e6da

    • SHA512

      5f1886367e25094aefb311a562dc98e4ea16e840d440c240ae173bc7c2f0e612356519418dd26ca54ef86ca5ce6e0970bd93554a250f6fa526ebc89f9d80224c

    • SSDEEP

      3072:v/RWx3Gp/rvbxB+gTpjCI1yk7i1E0eBetbZpuQxKwcRW5t/EicwC2RExdSigqpxq:ckl7j1pkE0LWY5lcwC1dyc10WNni

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

MITRE ATT&CK Enterprise v15

Tasks