General

  • Target

    b12a22b39b777e2c0d20c5d3d963dbc6097bf7db5caa539a4efaaff4ac4118ed

  • Size

    344KB

  • Sample

    240504-ax75tsha9t

  • MD5

    2c739b910de1a7efa801f02436bf4517

  • SHA1

    fc516cb602d8ba0065ede41f3c4b4e85eb72bfa7

  • SHA256

    b12a22b39b777e2c0d20c5d3d963dbc6097bf7db5caa539a4efaaff4ac4118ed

  • SHA512

    6ad05734186ce92012f9028bb2700d74828ae325185a9bfddf2ab409ea7973c6732a5111733a145303280612e3cf38574a139d7dc26bc87f39021488cbc2be14

  • SSDEEP

    3072:NqNrvZg+gpK4q1zUq1jV+CxuCUxFU/2cV2G2TLyCSGSB4mrluuB9lHC5wsFusKDz:d7Xq6uV2U/2cV/2TmCSgmsuBzCuCK0

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      b12a22b39b777e2c0d20c5d3d963dbc6097bf7db5caa539a4efaaff4ac4118ed

    • Size

      344KB

    • MD5

      2c739b910de1a7efa801f02436bf4517

    • SHA1

      fc516cb602d8ba0065ede41f3c4b4e85eb72bfa7

    • SHA256

      b12a22b39b777e2c0d20c5d3d963dbc6097bf7db5caa539a4efaaff4ac4118ed

    • SHA512

      6ad05734186ce92012f9028bb2700d74828ae325185a9bfddf2ab409ea7973c6732a5111733a145303280612e3cf38574a139d7dc26bc87f39021488cbc2be14

    • SSDEEP

      3072:NqNrvZg+gpK4q1zUq1jV+CxuCUxFU/2cV2G2TLyCSGSB4mrluuB9lHC5wsFusKDz:d7Xq6uV2U/2cV/2TmCSgmsuBzCuCK0

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks