gcleaner | c4c8ed1f36cc7c964d45fe8581f9d44a2b71df2d3e898710191a1cdc9776d01c | Triage

Sharing

General

Target

c4c8ed1f36cc7c964d45fe8581f9d44a2b71df2d3e898710191a1cdc9776d01c
Size

282KB
Sample

240622-nnentazfpn
MD5

30c08d35b8313b68f98506e6e050d8aa
SHA1

840d648bf39050078301374b22ccfb00881c84f4
SHA256

c4c8ed1f36cc7c964d45fe8581f9d44a2b71df2d3e898710191a1cdc9776d01c
SHA512

786da950b8e57f769dbb1036268c0c137eaf53dab0fe20b158521f0a921c8b58f07b7aa80d05919beb9dac713c5d48a8bd3f209fcc033cf81ece84a8c70ef16d
SSDEEP

6144:MenNKz5S8ALzqLL594MMO5Uh5MufHPtBcUD9TdVVF23M:MenNKzj82rxY5MaVBcUDda3

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  c4c8ed1f36cc7c964d45fe8581f9d44a2b71df2d3e898710191a1cdc9776d01c
- Size
  
  282KB
- MD5
  
  30c08d35b8313b68f98506e6e050d8aa
- SHA1
  
  840d648bf39050078301374b22ccfb00881c84f4
- SHA256
  
  c4c8ed1f36cc7c964d45fe8581f9d44a2b71df2d3e898710191a1cdc9776d01c
- SHA512
  
  786da950b8e57f769dbb1036268c0c137eaf53dab0fe20b158521f0a921c8b58f07b7aa80d05919beb9dac713c5d48a8bd3f209fcc033cf81ece84a8c70ef16d
- SSDEEP
  
  6144:MenNKz5S8ALzqLL594MMO5Uh5MufHPtBcUD9TdVVF23M:MenNKzj82rxY5MaVBcUDda3
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2