General

  • Target

    e45490e7235a2535487d99a13af8848689e2fdd341a58288f179cf7bb33a34d0

  • Size

    283KB

  • Sample

    240505-ps5lgaab51

  • MD5

    268e97cd570b861578293d9beb9ab3f3

  • SHA1

    897521f0c4ae5cf8cc2820d4f1f5e1748cbca110

  • SHA256

    e45490e7235a2535487d99a13af8848689e2fdd341a58288f179cf7bb33a34d0

  • SHA512

    53df5fcc6054b07d3d6b76b78f3c3343d0f01ce8dc8acb3b073b947eb1cb9d67964487bb89ffb2150506a7161ce0325e6dcf38e194e70420c299c128812ff0c6

  • SSDEEP

    3072:iBKl8zRU9N+iSZ0KfFyMW8bIOP0SbUr/oDuOJ2GDHbD0o5e5KOn:98zdZjsMnIOP0SS/YCGY5K

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
