gcleaner | 3909cabaae4061ab3b5ffeaf23fdbbe419de9a3d58ec7dc505c2ae91ddcb1a8c | Triage

Sharing

General

Target

3909cabaae4061ab3b5ffeaf23fdbbe419de9a3d58ec7dc505c2ae91ddcb1a8c
Size

287KB
Sample

240622-3n1cvatglq
MD5

9302856c12e8253ff564944f51380b3e
SHA1

4d8a59d66cdcbbb46ae0686116dafd112bc249d5
SHA256

3909cabaae4061ab3b5ffeaf23fdbbe419de9a3d58ec7dc505c2ae91ddcb1a8c
SHA512

966e1f3489b078422ef4292b820975cfd7a7286bf48b840eb434e78245c5890b00adfbd0029804ef5c6da07d34447d6dd525b7e5858fc7a647c496e69f8de007
SSDEEP

3072:BzUt6pKTpaHNKl09wZnDul/INY4Ub5uRmAe4SPdJ8iP1+btZXARNzn4njMXr/FLK:ymHNK61N1uAAr088Ywn4nkJHVAF23M

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  3909cabaae4061ab3b5ffeaf23fdbbe419de9a3d58ec7dc505c2ae91ddcb1a8c
- Size
  
  287KB
- MD5
  
  9302856c12e8253ff564944f51380b3e
- SHA1
  
  4d8a59d66cdcbbb46ae0686116dafd112bc249d5
- SHA256
  
  3909cabaae4061ab3b5ffeaf23fdbbe419de9a3d58ec7dc505c2ae91ddcb1a8c
- SHA512
  
  966e1f3489b078422ef4292b820975cfd7a7286bf48b840eb434e78245c5890b00adfbd0029804ef5c6da07d34447d6dd525b7e5858fc7a647c496e69f8de007
- SSDEEP
  
  3072:BzUt6pKTpaHNKl09wZnDul/INY4Ub5uRmAe4SPdJ8iP1+btZXARNzn4njMXr/FLK:ymHNK61N1uAAr088Ywn4nkJHVAF23M
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2