General

  • Target

    fff31117cf0553890314f22b694ad3166d361e05f664061734169643e4dcceee

  • Size

    253KB

  • Sample

    240508-p6xg1sga75

  • MD5

    42629fde4dc1645eb3c87064e7f0ae13

  • SHA1

    3b5c593a3e382f2aafaa7180c8c90892bb6cf9da

  • SHA256

    fff31117cf0553890314f22b694ad3166d361e05f664061734169643e4dcceee

  • SHA512

    e1fdb1c71a2592206d6d540302ea6f5d1d6984bf974d4b348c6e96294195fe8c3e78252d4851b4a22f7ba48299003c7bebcb28936cd42ce79d0981bb0d6f982c

  • SSDEEP

    6144:Vjb8fBaKN+UatZ37apRkbFilGCeGSuhRMTov:5IknDtQnkGGCZcw

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.
