General

  • Target

    9f3d2cb7a610df4d477a5ab11f5a3117058ab1dc5595731c8e11c2bbb3b79f56

  • Size

    267KB

  • Sample

    240509-lm78maea99

  • MD5

    4fd093398703ef63582547698a766652

  • SHA1

    6b6e8763314febc2863868d89fda1c59f766c0ea

  • SHA256

    9f3d2cb7a610df4d477a5ab11f5a3117058ab1dc5595731c8e11c2bbb3b79f56

  • SHA512

    2bd4867a7b8feec94cbe422f7ddcab6aaa1889b3f5b7372f415413d6e17a5b139400d9bafa5831de1a4ebbd84e24deb519b7d22ca9d138af25b88875a1f622d9

  • SSDEEP

    3072:CUusXjYPvwMbf9/D+9r3TELiijvS3H4SnvrHS3nkDSeF06004cSBT5CMGsBkJQlP:JuwYVq98Lly/vrMky6ycSGWeJK

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

  • url_path

    /advdlc.php

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v15
