gcleaner | 1680a60bd835114fb5743442f4081a9d04a807c80ce8329ec164dd1c88d24760 | Triage

Sharing

General

Target

1680a60bd835114fb5743442f4081a9d04a807c80ce8329ec164dd1c88d24760
Size

365KB
Sample

240614-ppqyxavapk
MD5

f86885e07691a79067770bb858681291
SHA1

7655b25a3c1865568a37a0f5aa4019b2e210f7e3
SHA256

1680a60bd835114fb5743442f4081a9d04a807c80ce8329ec164dd1c88d24760
SHA512

8530bc873fcbf8129d3c5486e2ed375ac90298e6005261b064846e74bfc5a2693e53b5f1f2d5fef03b97d1815a65e6f373d3942e04eefea920d395ffcb162ebd
SSDEEP

3072:3wO3MlBEfpsC1Ti94hImfoc3NHE5V59JkVGfMKina5ZNS+nOlfNr+1MzHmmbbSol:3waMX5WTiF7cWKaU+nOlGMbxSdTy

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  1680a60bd835114fb5743442f4081a9d04a807c80ce8329ec164dd1c88d24760
- Size
  
  365KB
- MD5
  
  f86885e07691a79067770bb858681291
- SHA1
  
  7655b25a3c1865568a37a0f5aa4019b2e210f7e3
- SHA256
  
  1680a60bd835114fb5743442f4081a9d04a807c80ce8329ec164dd1c88d24760
- SHA512
  
  8530bc873fcbf8129d3c5486e2ed375ac90298e6005261b064846e74bfc5a2693e53b5f1f2d5fef03b97d1815a65e6f373d3942e04eefea920d395ffcb162ebd
- SSDEEP
  
  3072:3wO3MlBEfpsC1Ti94hImfoc3NHE5V59JkVGfMKina5ZNS+nOlfNr+1MzHmmbbSol:3waMX5WTiF7cWKaU+nOlGMbxSdTy
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2