General

  • Target

    c989744230b3143928e8c07d912abc2c01fdbda2e7fcfe89b2b2120478b3ed04

  • Size

    352KB

  • Sample

    240504-nzwfpsfh65

  • MD5

    13be2c55d42353f9e234a6c42d8cf8eb

  • SHA1

    62788c013d44686be1cd2fd149fe8c4a3c9e873b

  • SHA256

    c989744230b3143928e8c07d912abc2c01fdbda2e7fcfe89b2b2120478b3ed04

  • SHA512

    9c3449d6fe16b846b1a691918ce9a6aa65b3f2710efaeaf0dde7c7017cb3e2933f57d5365a4c11c5d2ccb1e45fbebc1cbbb86f746e3f07f2f552839db54bc986

  • SSDEEP

    6144:EBB7OH40uVH4hbug1gEN+1vBH0Ioma6zPihNjWEbZuUhb/a:EBYH40uYj1nCvl0qacPi/jWBib/a

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
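
The two C2 addresses and the url_path above are the actionable indicators in this report; the hashes only identify this one build. As an added example (not part of the sandbox output), the following Python script sweeps web-proxy log lines for those indicators and grades each hit by whether the destination host, the request path, or both match, since /advdlc.php alone is a generic name that other hosts may serve. The proxy log format and every log line are constructed for the demo; the hash helper simply compares a file's digests with the MD5/SHA1/SHA256 listed in the report.

```python
"""Sweep web-proxy logs for the gcleaner C2 indicators extracted above.

Added example, not part of the sandbox report. The indicators (two C2 IPs
and the url_path) come from the Malware Config section; the proxy log
format and the log lines themselves are constructed for this demo.
"""
import hashlib
import re

# Indicators taken from the report.
C2_IPS = {"185.172.128.90", "5.42.65.64"}
C2_PATH = "/advdlc.php"
KNOWN_HASHES = {
    "md5": "13be2c55d42353f9e234a6c42d8cf8eb",
    "sha1": "62788c013d44686be1cd2fd149fe8c4a3c9e873b",
    "sha256": "c989744230b3143928e8c07d912abc2c01fdbda2e7fcfe89b2b2120478b3ed04",
}

# Constructed proxy log: "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_LOG = """\
2024-05-04T10:01:12Z 10.0.0.15 GET http://185.172.128.90/advdlc.php 200
2024-05-04T10:01:13Z 10.0.0.15 GET http://www.example.com/index.html 200
2024-05-04T10:02:40Z 10.0.0.22 POST http://5.42.65.64/advdlc.php 200
2024-05-04T10:03:01Z 10.0.0.31 GET http://203.0.113.7/advdlc.php?id=1 404
2024-05-04T10:03:09Z 10.0.0.15 GET http://5.42.65.64:8080/other.php 500
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
# Host may carry a port; the path stops at a query string or fragment.
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")


def classify(line):
    """Return a hit dict for a log line touching the indicators, else None.

    Confidence: C2 IP and url_path together -> high; IP alone -> medium
    (the server may host other content); path alone -> low (a generic
    PHP name that other loaders and benign sites could reuse).
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    u = URL_RE.match(m["url"])
    if not u:
        return None
    host = u["host"].lower()
    path = (u["path"] or "/").lower()
    ip_hit = host in C2_IPS
    path_hit = path == C2_PATH
    if ip_hit and path_hit:
        confidence = "high"
    elif ip_hit:
        confidence = "medium"
    elif path_hit:
        confidence = "low"
    else:
        return None
    return {
        "ts": m["ts"],
        "client": m["client"],
        "host": host,
        "path": path,
        "status": int(m["status"]),
        "confidence": confidence,
    }


def sweep(log_text):
    """Classify every line; unparseable and clean lines are dropped."""
    return [h for h in (classify(l) for l in log_text.splitlines()) if h]


def affected_hosts(log_text, minimum="high"):
    """Sorted internal clients with at least the given confidence."""
    rank = {"low": 0, "medium": 1, "high": 2}
    return sorted(
        {h["client"] for h in sweep(log_text) if rank[h["confidence"]] >= rank[minimum]}
    )


def verify_sample(data):
    """Compare a file's digests with the MD5/SHA1/SHA256 from the report."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == expected
        for name, expected in KNOWN_HASHES.items()
    }


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"{hit['confidence']:6} {hit['client']} -> {hit['host']}{hit['path']} ({hit['status']})")
    print("clients to isolate:", affected_hosts(SAMPLE_LOG))
    print("digest match:", verify_sample(b"not the sample"))
```

Run against real exports by replacing SAMPLE_LOG with the proxy log text and adjusting LOG_RE to the proxy's field order. Medium-confidence hits (IP without the path) still deserve a look, since a loader can fetch its next stage from any path on the same server.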

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.
