gcleaner | 3767b2ee0d1a481e38ec1c6b217bfd33392879df4311d5783164be806906af5e | Triage

Sharing

General

Target

3767b2ee0d1a481e38ec1c6b217bfd33392879df4311d5783164be806906af5e
Size

370KB
Sample

240614-2xbv6stbqr
MD5

7b05b08da327f7319ec4f7bdc483ada2
SHA1

e53da56d4d9580aa2c8c60b06c12c0aaad2f99c7
SHA256

3767b2ee0d1a481e38ec1c6b217bfd33392879df4311d5783164be806906af5e
SHA512

913591733718b4f362172d9785a6a8e9a84e8a910d525be03e196e863493117d3a57097700bf6726223ca38cc0d83a882aecca298b6dffde1b59a9011a13a3a3
SSDEEP

6144:SFbVdgFF9mgbKVy3iq0vFW/eqgZWZIGCSvTx:SpgEXsWELzNx

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  3767b2ee0d1a481e38ec1c6b217bfd33392879df4311d5783164be806906af5e
- Size
  
  370KB
- MD5
  
  7b05b08da327f7319ec4f7bdc483ada2
- SHA1
  
  e53da56d4d9580aa2c8c60b06c12c0aaad2f99c7
- SHA256
  
  3767b2ee0d1a481e38ec1c6b217bfd33392879df4311d5783164be806906af5e
- SHA512
  
  913591733718b4f362172d9785a6a8e9a84e8a910d525be03e196e863493117d3a57097700bf6726223ca38cc0d83a882aecca298b6dffde1b59a9011a13a3a3
- SSDEEP
  
  6144:SFbVdgFF9mgbKVy3iq0vFW/eqgZWZIGCSvTx:SpgEXsWELzNx
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2