gcleaner | 6ff58a814e2b1bf5c8901cb505f6828ec121aa6b3be49cf4eafe8f5d31d8a532 | Triage

Sharing

General

Target

6ff58a814e2b1bf5c8901cb505f6828ec121aa6b3be49cf4eafe8f5d31d8a532
Size

2.1MB
Sample

241002-vp2cja1ejg
MD5

42de07a7e1fb7ad83392330465c29144
SHA1

0f9bce02cff35c4acaeb5845d3991b077eb70c64
SHA256

6ff58a814e2b1bf5c8901cb505f6828ec121aa6b3be49cf4eafe8f5d31d8a532
SHA512

675ba03ea55ed3bd6ccde951eeff9ae292c639c8da3038ef54b3973307111e9781ba2a0d5b834326a5d876bb8e575c4c2d500d458d4fcdb16c4114173f78ea3f
SSDEEP

24576:gezTCz8rsD2FZ/NKly7Kcx2I68fu41+Nj+j4uNzl6dVAwbv14kjLP4gq2jqnRA9x:J3FZ/7KcPk+PNMZvTQgKRyQw

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.106.156

87.251.71.107

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Targets

- Target
  
  6ff58a814e2b1bf5c8901cb505f6828ec121aa6b3be49cf4eafe8f5d31d8a532
- Size
  
  2.1MB
- MD5
  
  42de07a7e1fb7ad83392330465c29144
- SHA1
  
  0f9bce02cff35c4acaeb5845d3991b077eb70c64
- SHA256
  
  6ff58a814e2b1bf5c8901cb505f6828ec121aa6b3be49cf4eafe8f5d31d8a532
- SHA512
  
  675ba03ea55ed3bd6ccde951eeff9ae292c639c8da3038ef54b3973307111e9781ba2a0d5b834326a5d876bb8e575c4c2d500d458d4fcdb16c4114173f78ea3f
- SSDEEP
  
  24576:gezTCz8rsD2FZ/NKly7Kcx2I68fu41+Nj+j4uNzl6dVAwbv14kjLP4gq2jqnRA9x:J3FZ/7KcPk+PNMZvTQgKRyQw
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader