General

  • Target

    974868db537db4f38112a46890de8e35c3dd446d6b0ea7ad81a147e28e4c9a7a

  • Size

    352KB

  • Sample

    240504-k43h2acd22

  • MD5

    8fa4b3b5a8ce56eacc0a354ce63d7a74

  • SHA1

    09942be0cc28d63986b83730127b29e081fa67fe

  • SHA256

    974868db537db4f38112a46890de8e35c3dd446d6b0ea7ad81a147e28e4c9a7a

  • SHA512

    575b119003e70b21f8b83843c0dde85f4a9b7ed6b437d255ab71e8c3e479d4495cf5bff6d65d15dc8c127abac2893f5a2f7b7a010d3b225a53603506c1f91537

  • SSDEEP

    6144:iWssf/C4kTVZp4RfNkRg+O54aJaMQU+b/i:iWsiC4kTVZp4gRyotb/i

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks