gcleaner | de90bac4129ff264b8b6b68f3d03f5ae2a0bc830fe3519ddd970580d7836b352 | Triage

Sharing

General

Target

d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118
Size

430KB
Sample

240907-ze9clstejr
MD5

d2cb2c4500e5de56bf8255e34610a8c0
SHA1

35f1ee92571f47828e822f621783d67d6252b1d2
SHA256

de90bac4129ff264b8b6b68f3d03f5ae2a0bc830fe3519ddd970580d7836b352
SHA512

8c9db4eb14328b286b82e40e86814aa48b21d48b06c4a4929208c419a9f5b98414ab1f18d227b21dc9233187d284a2e0f0a3dbc221b2020a41f148b988482696
SSDEEP

12288:vB3F2de/oZcYi9HvuVQknab8m0p7vxWA:vFYdeccYi9H2yknPp7gA

Score

10^/10

gcleaner discovery loader

Malware Config

Targets

- Target
  
  d2cb2c4500e5de56bf8255e34610a8c0_JaffaCakes118
- Size
  
  430KB
- MD5
  
  d2cb2c4500e5de56bf8255e34610a8c0
- SHA1
  
  35f1ee92571f47828e822f621783d67d6252b1d2
- SHA256
  
  de90bac4129ff264b8b6b68f3d03f5ae2a0bc830fe3519ddd970580d7836b352
- SHA512
  
  8c9db4eb14328b286b82e40e86814aa48b21d48b06c4a4929208c419a9f5b98414ab1f18d227b21dc9233187d284a2e0f0a3dbc221b2020a41f148b988482696
- SSDEEP
  
  12288:vB3F2de/oZcYi9HvuVQknab8m0p7vxWA:vFYdeccYi9H2yknPp7gA
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader