gcleaner | 31facda395b8d5c1637a63feef12e2bb9a0344795a9fc2ac61b7eae16720c1e2 | Triage

Sharing

General

Target

31facda395b8d5c1637a63feef12e2bb9a0344795a9fc2ac61b7eae16720c1e2
Size

399KB
Sample

240609-gef2ysfc34
MD5

de867cf6b66591aaef485341ba1bf8c2
SHA1

48d185c213ef8412cfe054b37198ad7f7c96fa7a
SHA256

31facda395b8d5c1637a63feef12e2bb9a0344795a9fc2ac61b7eae16720c1e2
SHA512

0235cf32fb11c380910d4e169779c49fcba56e1cd8a1671adfa35628ec397710b607cfca252f8d8de4e66095c340370a8ff233d26079e77ff583c8f23bb2b0b3
SSDEEP

6144:G42LbkKRpy7arjYFo1nR4XP9NjG8NW1M24GBrOdFS:KXkYGa/x5RyVN61eTGBrO2

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  31facda395b8d5c1637a63feef12e2bb9a0344795a9fc2ac61b7eae16720c1e2
- Size
  
  399KB
- MD5
  
  de867cf6b66591aaef485341ba1bf8c2
- SHA1
  
  48d185c213ef8412cfe054b37198ad7f7c96fa7a
- SHA256
  
  31facda395b8d5c1637a63feef12e2bb9a0344795a9fc2ac61b7eae16720c1e2
- SHA512
  
  0235cf32fb11c380910d4e169779c49fcba56e1cd8a1671adfa35628ec397710b607cfca252f8d8de4e66095c340370a8ff233d26079e77ff583c8f23bb2b0b3
- SSDEEP
  
  6144:G42LbkKRpy7arjYFo1nR4XP9NjG8NW1M24GBrOdFS:KXkYGa/x5RyVN61eTGBrO2
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2