General

  • Target: b27f370ff89792d7532cac4cf00292ea611d6f0c44ab90e59eb9bdfafbbf853a
  • Size: 282KB
  • Sample: 240505-sjkfqagf53
  • MD5: f1ad47d0094c05e9f43ff39dec234603
  • SHA1: 2927e47791d1d8aed3ba09c5d5ddc8855535423e
  • SHA256: b27f370ff89792d7532cac4cf00292ea611d6f0c44ab90e59eb9bdfafbbf853a
  • SHA512: 1470e22f6063b44c851f5934753d0ec253e0808513301cfff611b994888ec1ef96dd4314969700950fa04384784c4cafd5a72ca78bed6ef5308e718c0c6eafcf
  • SSDEEP: 3072:7BeO8hzt0aMZ+bGH8crXa9e6aw8BJ1WxXLfVEQjGfzhv5eFKOn:r8hJ0L+SH8eq9TaV7w7fuQ22FK

Score
10/10

Malware Config

Extracted

  • Family: gcleaner
  • C2:
      185.172.128.90
      5.42.65.64
  • Attributes:
      url_path: /advdlc.php

Targets

    • Target: b27f370ff89792d7532cac4cf00292ea611d6f0c44ab90e59eb9bdfafbbf853a
    • Size: 282KB
    • MD5: f1ad47d0094c05e9f43ff39dec234603
    • SHA1: 2927e47791d1d8aed3ba09c5d5ddc8855535423e
    • SHA256: b27f370ff89792d7532cac4cf00292ea611d6f0c44ab90e59eb9bdfafbbf853a
    • SHA512: 1470e22f6063b44c851f5934753d0ec253e0808513301cfff611b994888ec1ef96dd4314969700950fa04384784c4cafd5a72ca78bed6ef5308e718c0c6eafcf
    • SSDEEP: 3072:7BeO8hzt0aMZ+bGH8crXa9e6aw8BJ1WxXLfVEQjGfzhv5eFKOn:r8hJ0L+SH8eq9TaV7w7fuQ22FK

    Score: 10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v15

Tasks