General

  • Target

    4ae8ad0a04b45d80eded613cf8a6ec7b21df118d04212ab9d07a089de6d189de

  • Size

    249KB

  • Sample

    240509-c6ldjaeb4s

  • MD5

    6f5a876f3c7d477481bb4c35f3a31c66

  • SHA1

    6a000e3565bb51b0fbb45570263c26c932d647c4

  • SHA256

    4ae8ad0a04b45d80eded613cf8a6ec7b21df118d04212ab9d07a089de6d189de

  • SHA512

    8d32fb590aa0ddca774c98e6498afa54d4c287b5d3aa4a5734ff5de7f41fad34f9ffb957782ac1d2897190da6fbbaa7ac49846c7ee92a98e77078a01d5c22c54

  • SSDEEP

    3072:68oU27Dg33VXjeiP+PRzzhNzScsWjpwBp7unmeC9mjmRSJHiLYajanjgTM1eQ:mQ0YIqt7unmeymjmoHiLYajajgTB

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
