General

  • Target

    bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0

  • Size

    287KB

  • Sample

    240507-3v3fsahh38

  • MD5

    c634ed5b386d00aa603722c1aa3f46fe

  • SHA1

    10c5f758867eb011860ef028a96d68205af8b864

  • SHA256

    bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0

  • SHA512

    2bc9233aeb0b564592e31ef39c77ffeb640219dbfcb9ec33c6c9f20f85d8d293c34c3da05446d1fab2e2a97e49abf380217a8be6f00d5b1c19a4d2ffb59e6476

  • SSDEEP

    3072:uk+hmLXj/87GUkDAhFkav6mUn632MTPt0NapK8p8sWB5PaECpf3Gh:N+Ef/cGUkDukav6m+632BNapRiWECsh

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
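The extracted configuration above gives three network indicators worth hunting on: the two C2 addresses and the request path. The following Python script is an added example (not part of the sandbox report) showing how a detection engineer would turn them into a log-matching check. The IOCs come from the report; the log line format, the `sha256=` field and the sample log lines are constructed for illustration. It matches the destination host exactly (so `185.172.128.9` does not fire on a substring match), treats a bare `/advdlc.php` path without a known C2 IP as a weaker, medium-severity hit, and flags a download whose hash equals the analysed sample.

```python
"""Match GCleaner C2 indicators from the sandbox report against proxy logs.

Added example, not part of the report. Indicators (C2 IPs, url_path, SHA256)
are taken from the report; log format and log lines are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Indicators of compromise extracted from the report's Malware Config.
C2_IPS = frozenset({"185.172.128.90", "5.42.65.64"})
C2_URL_PATH = "/advdlc.php"
SAMPLE_SHA256 = "bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0"

# Assumed (constructed) proxy log format:
#   <timestamp> <client_ip> <METHOD> <url> <status> [sha256=<response body hash>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})"
    r"(?: sha256=(?P<sha256>[0-9a-f]{64}))?$"
)


@dataclass
class Hit:
    ts: str
    client: str
    reasons: list[str]


def classify(line: str) -> Optional[Hit]:
    """Return a Hit if the log line touches any GCleaner indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line; a real pipeline would count these
    url = urlsplit(m["url"])
    host = url.hostname or ""
    path = url.path or "/"
    reasons: list[str] = []
    # 1. Destination is a known C2 address. Exact string match on the parsed
    #    host, never a substring test, so 185.172.128.9 does not match.
    if host in C2_IPS:
        reasons.append(f"c2_ip:{host}")
    # 2. Request path equals the extracted url_path. Loaders often rotate IPs
    #    while keeping the path, so this catches new infrastructure, but it is
    #    a weaker signal on its own.
    if path == C2_URL_PATH:
        reasons.append(f"c2_path:{path}")
    # 3. Downloaded body hash equals the analysed sample.
    if m["sha256"] == SAMPLE_SHA256:
        reasons.append("sample_sha256")
    if not reasons:
        return None
    return Hit(m["ts"], m["client"], reasons)


def severity(hit: Hit) -> str:
    """Known C2 IP or sample hash is high; a bare url_path match is medium."""
    strong = any(r.startswith("c2_ip:") or r == "sample_sha256" for r in hit.reasons)
    return "high" if strong else "medium"


def scan(lines: Iterable[str]) -> list[Hit]:
    return [h for h in (classify(line) for line in lines) if h is not None]


# Constructed sample log: two true C2 contacts, one unknown host using the
# same path, one benign request, one near-miss IP that must not match.
SAMPLE_LOG = """\
2024-05-07T10:01:02Z 10.0.0.15 GET http://185.172.128.90/advdlc.php?id=1 200
2024-05-07T10:01:09Z 10.0.0.15 POST http://5.42.65.64/advdlc.php 200 sha256=bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0
2024-05-07T10:02:00Z 10.0.0.22 GET http://198.51.100.7/advdlc.php 404
2024-05-07T10:03:11Z 10.0.0.31 GET https://example.com/index.html 200
2024-05-07T10:03:12Z 10.0.0.31 GET http://185.172.128.9/ 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit.ts} {hit.client} {severity(hit):6} {', '.join(hit.reasons)}")
```

Run it as-is to see the three hits; in practice, feed it real proxy or Zeek `http.log` lines after adapting `LOG_RE`, and age the IP indicators out as the loader's infrastructure rotates, keeping the path match as the longer-lived signal.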

Targets

    • Target

      bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0

    • Size

      287KB

    • MD5

      c634ed5b386d00aa603722c1aa3f46fe

    • SHA1

      10c5f758867eb011860ef028a96d68205af8b864

    • SHA256

      bec53e8e538235e734a6f5e7f17f7a5c72437fda290f90e74a3a67dc006aa3e0

    • SHA512

      2bc9233aeb0b564592e31ef39c77ffeb640219dbfcb9ec33c6c9f20f85d8d293c34c3da05446d1fab2e2a97e49abf380217a8be6f00d5b1c19a4d2ffb59e6476

    • SSDEEP

      3072:uk+hmLXj/87GUkDAhFkav6mUn632MTPt0NapK8p8sWB5PaECpf3Gh:N+Ef/cGUkDukav6m+632BNapRiWECsh

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

MITRE ATT&CK Enterprise v15

Tasks