gcleaner | ac2ca8f0f447c0321caced59c99dc4076d957ce86c35ccc516ad0212f9b3fb4e | Triage

Sharing

General

Target

ac2ca8f0f447c0321caced59c99dc4076d957ce86c35ccc516ad0212f9b3fb4e
Size

383KB
Sample

240616-kaymzswfng
MD5

d94fa42cdcc2a9eae3b70a7350b169f9
SHA1

6d61e4bab0e98948ee98d0a6ef27ca6109d671f4
SHA256

ac2ca8f0f447c0321caced59c99dc4076d957ce86c35ccc516ad0212f9b3fb4e
SHA512

d45776fd7295b63af8deb3c5e53132ccb9a5bd054f88aaaeb919c626064c117a0bc92cec2ae19b4f3dc7d1f0323b2290d11a8b8a982319b947a020fc600112c7
SSDEEP

6144:GvaISkrkbFQuI4UI8Px2Cr7ob8Rk4QcQTXjIOubTh:EhZwbl6UCPMgk4QcQXj/8

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  ac2ca8f0f447c0321caced59c99dc4076d957ce86c35ccc516ad0212f9b3fb4e
- Size
  
  383KB
- MD5
  
  d94fa42cdcc2a9eae3b70a7350b169f9
- SHA1
  
  6d61e4bab0e98948ee98d0a6ef27ca6109d671f4
- SHA256
  
  ac2ca8f0f447c0321caced59c99dc4076d957ce86c35ccc516ad0212f9b3fb4e
- SHA512
  
  d45776fd7295b63af8deb3c5e53132ccb9a5bd054f88aaaeb919c626064c117a0bc92cec2ae19b4f3dc7d1f0323b2290d11a8b8a982319b947a020fc600112c7
- SSDEEP
  
  6144:GvaISkrkbFQuI4UI8Px2Cr7ob8Rk4QcQTXjIOubTh:EhZwbl6UCPMgk4QcQXj/8
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2