gcleaner | 0c812c6802ac48f69ba5b932192198040a7d038bcde331428ebecca2ca6cbf2a | Triage

Sharing

General

Target

0c812c6802ac48f69ba5b932192198040a7d038bcde331428ebecca2ca6cbf2a
Size

279KB
Sample

240523-2h9hwsbf39
MD5

3dd1ebcf1d7120c17449010ccb981841
SHA1

c88c6c61bb2fcd3f31c672e479f32fc567c83579
SHA256

0c812c6802ac48f69ba5b932192198040a7d038bcde331428ebecca2ca6cbf2a
SHA512

219b817a6b8bd117bfd7acae0849f31c2c9d85f7f56148462f554658e2c239d6a6f6821bdfd345ee9862ab75a742641edfaebc7e59d901bdfa52ad6ee94b8e50
SSDEEP

3072:aGKqnDTBxkhPS/UmpJ8+098F8TpClyYJSJJZ6sDf+yZY3QLSqOZPgktALnkBqGIh:aGKOkwN828Uh4vZ6spa3QuXZPgcDUc

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Targets

- Target
  
  0c812c6802ac48f69ba5b932192198040a7d038bcde331428ebecca2ca6cbf2a
- Size
  
  279KB
- MD5
  
  3dd1ebcf1d7120c17449010ccb981841
- SHA1
  
  c88c6c61bb2fcd3f31c672e479f32fc567c83579
- SHA256
  
  0c812c6802ac48f69ba5b932192198040a7d038bcde331428ebecca2ca6cbf2a
- SHA512
  
  219b817a6b8bd117bfd7acae0849f31c2c9d85f7f56148462f554658e2c239d6a6f6821bdfd345ee9862ab75a742641edfaebc7e59d901bdfa52ad6ee94b8e50
- SSDEEP
  
  3072:aGKqnDTBxkhPS/UmpJ8+098F8TpClyYJSJJZ6sDf+yZY3QLSqOZPgktALnkBqGIh:aGKOkwN828Uh4vZ6spa3QuXZPgcDUc
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2