General

  • Target

    b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2

  • Size

    254KB

  • Sample

    240520-e5dy6sbg53

  • MD5

    95afdb60ce8d55d2c6951b6ac446ac29

  • SHA1

    1159603632c1fac14757334e0815f39fb9aab21d

  • SHA256

    b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2

  • SHA512

    3c5e30f2d987b4e1060bb757ae57e6f6dfd4fadc6d9dc4e2371931bbb8d89fda4f0c2158c77f956c3df403471f1e8af2cf4ce290795564cda4e43ea82c6d37c9

  • SSDEEP

    3072:t8JOtnYpqla9sPt3+OnoRmg59WF8jY90v3CbmpXupTquyAEJxtMjaE+Z40UUW:tVnyGzh9KPFlDn+jaE+Z40

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2

    • Size

      254KB

    • MD5

      95afdb60ce8d55d2c6951b6ac446ac29

    • SHA1

      1159603632c1fac14757334e0815f39fb9aab21d

    • SHA256

      b75d214b63d0734fed2ac9696aef837a0ba943e61b88cdbb70dfe5785990d6b2

    • SHA512

      3c5e30f2d987b4e1060bb757ae57e6f6dfd4fadc6d9dc4e2371931bbb8d89fda4f0c2158c77f956c3df403471f1e8af2cf4ce290795564cda4e43ea82c6d37c9

    • SSDEEP

      3072:t8JOtnYpqla9sPt3+OnoRmg59WF8jY90v3CbmpXupTquyAEJxtMjaE+Z40UUW:tVnyGzh9KPFlDn+jaE+Z40

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks