General

  • Target

    015311b2a99c3a825d9c143f7e95dff72ad05574ec340122c848abe256bf40d0

  • Size

    267KB

  • Sample

    240509-jvd9eagd5v

  • MD5

    59d9e7a8d861cf97b8030a3125d3d317

  • SHA1

    bf5f925aa93d87354083e009f459828c4d64c0c0

  • SHA256

    015311b2a99c3a825d9c143f7e95dff72ad05574ec340122c848abe256bf40d0

  • SHA512

    628d17d4f6c9a63001bd7fdd80b3f8b938a67a16c35a7cf4867665b98fc783d80f3f7525f486b4e0af709161632bff64e4a8d2bfe6bce6def9fb12ae75264595

  • SSDEEP

    6144:MhL4/LnDFI+di2S2CjSic6qgmD1ayx2eJK:MB6tOpDqgmD1aydJK

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      015311b2a99c3a825d9c143f7e95dff72ad05574ec340122c848abe256bf40d0

    • Size

      267KB

    • MD5

      59d9e7a8d861cf97b8030a3125d3d317

    • SHA1

      bf5f925aa93d87354083e009f459828c4d64c0c0

    • SHA256

      015311b2a99c3a825d9c143f7e95dff72ad05574ec340122c848abe256bf40d0

    • SHA512

      628d17d4f6c9a63001bd7fdd80b3f8b938a67a16c35a7cf4867665b98fc783d80f3f7525f486b4e0af709161632bff64e4a8d2bfe6bce6def9fb12ae75264595

    • SSDEEP

      6144:MhL4/LnDFI+di2S2CjSic6qgmD1ayx2eJK:MB6tOpDqgmD1aydJK

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks