General

  • Target

    81a4f2bfa8b01814a7ec8281ce52242676e2b1bc0165602dcb1049d3d91243d6

  • Size

    345KB

  • Sample

    240504-fxb1aaha37

  • MD5

    fa1c4093213e9c53efc5864c959b8428

  • SHA1

    83aae68d6ab8ed59bdfcbf5c3099b9d6dc656ebc

  • SHA256

    81a4f2bfa8b01814a7ec8281ce52242676e2b1bc0165602dcb1049d3d91243d6

  • SHA512

    012494d8cedd19a8e33178c86ec2db2c1b0d790d40c35325e58c6be9b2b1c81a6f5ef902633ac8193e457cb2b6da39c474c6c0d1e462d350c0df0257c0c738a1

  • SSDEEP

    6144:LHNal1SuVTNtCmvtzKBT50Jk1q7Qg+qEAK0:LHiSuVZtC+tzKBT5pk75+MK0

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

MITRE ATT&CK Enterprise v15
