General

  • Target

    0f42dc86e96437862f655eb57409e7ca056a4dc8180c36fa5106383ab5457cb3

  • Size

    284KB

  • Sample

    240505-n4nxesce95

  • MD5

    9c1842d35ebecf116cb5782c3b337af5

  • SHA1

    89a726df5828292685f05de2151a8c6a19962d8f

  • SHA256

    0f42dc86e96437862f655eb57409e7ca056a4dc8180c36fa5106383ab5457cb3

  • SHA512

    c04d8b520f8bf9e8f8acf0ac5f6ca483c42b099eb39de5cf41ff48d5f2949bf3552344813c2973afcb8153c0f4289ae94194aa6cd473c2f2491c0cd84b8bd979

  • SSDEEP

    3072:LB7XkeslzTlP912sSzLR/N9jhGeyCblDXGCCCqNPMK19Hbv5WjKOnx:BkestTlV1PSzLRV9NGXOcCChBZQjK

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
