gcleaner | 9d1a6580bc5bb994b21a305b2eb5090e43c4484db66695f16dcdbcc1fa02cc83 | Triage

Sharing

General

Target

9d1a6580bc5bb994b21a305b2eb5090e43c4484db66695f16dcdbcc1fa02cc83
Size

1.6MB
Sample

241106-wvbvhaxmfp
MD5

2ed23f81431d49e3e55df1aa29de82f8
SHA1

151e16611a179fccf3b707440ecb8ecbdd55348a
SHA256

9d1a6580bc5bb994b21a305b2eb5090e43c4484db66695f16dcdbcc1fa02cc83
SHA512

7a1f0d58630057a648483938c5dca973e772feb2dace7ab3d3168ce7f8449fd210293fe0ec6ba839ffe6b84675c2b569433016b9e2f0a0b408d2e6454bcc975b
SSDEEP

24576:hmF8SggCmm5E2bcAOFGR7gKd1Vge5rlyjgAPo+B5Jh:IF8SHnmfD7gKTVnlDAP9Bjh

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

url_path
/x.php

/soft.php

/soft.php

Targets

- Target
  
  9d1a6580bc5bb994b21a305b2eb5090e43c4484db66695f16dcdbcc1fa02cc83
- Size
  
  1.6MB
- MD5
  
  2ed23f81431d49e3e55df1aa29de82f8
- SHA1
  
  151e16611a179fccf3b707440ecb8ecbdd55348a
- SHA256
  
  9d1a6580bc5bb994b21a305b2eb5090e43c4484db66695f16dcdbcc1fa02cc83
- SHA512
  
  7a1f0d58630057a648483938c5dca973e772feb2dace7ab3d3168ce7f8449fd210293fe0ec6ba839ffe6b84675c2b569433016b9e2f0a0b408d2e6454bcc975b
- SSDEEP
  
  24576:hmF8SggCmm5E2bcAOFGR7gKd1Vge5rlyjgAPo+B5Jh:IF8SHnmfD7gKTVnlDAP9Bjh
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader