General

  • Target: cea911c0253ed12a903c7f095ad2cf9588548511ad1170ced3ab71c3f7e9d48e
  • Size: 230KB
  • Sample: 240509-l7wekacd6x
  • MD5: 8b867ffb60638c6bfc7af4bddbf0d0ce
  • SHA1: be8cbbe6f2b61546a068e36f2b85a51c72e9dd88
  • SHA256: cea911c0253ed12a903c7f095ad2cf9588548511ad1170ced3ab71c3f7e9d48e
  • SHA512: c140132cc5f01a66d75e36a5804f9e89f268983774e7b3e8cc15df74e5c8c88e93d8a92d1fb9ba250d5738cf97dab2dbbb95396d92f33baef8469092a716a8dc
  • SSDEEP: 3072:8Rlml6OCy4UQkdfx7rXaWyHTW+DhNAE2CRfsQ5ixtnGB/RUnSLd54/QVv10:omlZQa7+WCiIMPCRUQ5kGpuSLd51

Score: 10/10

Malware Config (extracted)

  • Family: gcleaner
  • C2:
      185.172.128.90
      5.42.65.64
  • Attributes:
      url_path: /advdlc.php

Targets

    Score: 10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks