General

  • Target

    dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1

  • Size

    2.9MB

  • Sample

    241213-cl2vsavngs

  • MD5

    0c53afecbbd3f407b034f4cc00cf1312

  • SHA1

    e403b62044287540ab7686656a98561f9b959ecc

  • SHA256

    dececa666d83bb8f036784aeba5c2597172e79f72070cbb6c6b9d4767b42ddb1

  • SHA512

    d796f40d4581462bc29374cb8a1164ea8af58107e8be1b19e6a85faff0cc66c080f2e0656243dccb8dd6198ff474e4e9e50e3bc7ab04edd1c480be3041e370a1

  • SSDEEP

    49152:9m8e/DRmWNtmMOWIzLpfJP4/c+gGwzXCCAcM5dzDcoe9:pe/DRmWNtmMZIzLpfJQ/TgGwzXCCAcM6

Malware Config

Extracted

Family

gcleaner

C2

62.197.136.41

87.251.71.107

62.197.136.196

2.56.57.69

Attributes
  • url_path

    /i.php

    /get.php

    /setup.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • GCleaner family

MITRE ATT&CK Enterprise v15

Tasks