gcleaner | 5b0a6a425ebb7c906f9c8620aeee6b23960a5872eadf55452c83c9ce55b3ada3 | Triage

Sharing

General

Target

5b0a6a425ebb7c906f9c8620aeee6b23960a5872eadf55452c83c9ce55b3ada3
Size

371KB
Sample

240614-2tpb4ataqq
MD5

c78265f755c632c82950570986e06b48
SHA1

72b0b1acd54885ab285571b6695c01950df1e102
SHA256

5b0a6a425ebb7c906f9c8620aeee6b23960a5872eadf55452c83c9ce55b3ada3
SHA512

36aa25365ef768ab4f398469c1ad6093b694390e6e7e2612e8159295eaffde42cb31d9aff04e94abfe02cb6301a10300cdd79f8494e30a384af0f4003e614548
SSDEEP

6144:sFbBWI2WVFS3Yn6si8Cgy7/9CxQzBaU4IQFHGhjxLSvTx:s/2Z3Yn6siZJJCxftIQFmhjxWx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  5b0a6a425ebb7c906f9c8620aeee6b23960a5872eadf55452c83c9ce55b3ada3
- Size
  
  371KB
- MD5
  
  c78265f755c632c82950570986e06b48
- SHA1
  
  72b0b1acd54885ab285571b6695c01950df1e102
- SHA256
  
  5b0a6a425ebb7c906f9c8620aeee6b23960a5872eadf55452c83c9ce55b3ada3
- SHA512
  
  36aa25365ef768ab4f398469c1ad6093b694390e6e7e2612e8159295eaffde42cb31d9aff04e94abfe02cb6301a10300cdd79f8494e30a384af0f4003e614548
- SSDEEP
  
  6144:sFbBWI2WVFS3Yn6si8Cgy7/9CxQzBaU4IQFHGhjxLSvTx:s/2Z3Yn6siZJJCxftIQFmhjxWx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2