gcleaner | 40b7a5547cb78ab089be4eb83f00581450b75a8d52fdedb0f01f4c254642126e | Triage

Sharing

General

Target

40b7a5547cb78ab089be4eb83f00581450b75a8d52fdedb0f01f4c254642126e
Size

269KB
Sample

240523-3a1rfsda99
MD5

9cdfb58a788ef0de72a1a0bf67abb5d8
SHA1

28a02c8e8224fe6cb02c34cc7c9a3f48da8a6fef
SHA256

40b7a5547cb78ab089be4eb83f00581450b75a8d52fdedb0f01f4c254642126e
SHA512

1871dd359b5be3b93891223dfc5ddf0cf8d2b348b81a6839d3dfaced45a61e1b5a25a36d35c214d575cdf5094c42f0dc738c37c4037a6fab47ac2011b03fc8af
SSDEEP

3072:ptTEKScbbDXlgK2l56N6VEeVOuc3wNIF1pgGGbPY7X8f6kgo050uf9IOCXZ:wKN2eAhOAIFUvwAf6kgsufG

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  40b7a5547cb78ab089be4eb83f00581450b75a8d52fdedb0f01f4c254642126e
- Size
  
  269KB
- MD5
  
  9cdfb58a788ef0de72a1a0bf67abb5d8
- SHA1
  
  28a02c8e8224fe6cb02c34cc7c9a3f48da8a6fef
- SHA256
  
  40b7a5547cb78ab089be4eb83f00581450b75a8d52fdedb0f01f4c254642126e
- SHA512
  
  1871dd359b5be3b93891223dfc5ddf0cf8d2b348b81a6839d3dfaced45a61e1b5a25a36d35c214d575cdf5094c42f0dc738c37c4037a6fab47ac2011b03fc8af
- SSDEEP
  
  3072:ptTEKScbbDXlgK2l56N6VEeVOuc3wNIF1pgGGbPY7X8f6kgo050uf9IOCXZ:wKN2eAhOAIFUvwAf6kgsufG
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2