gcleaner | db153845e52a1f2ed5bde74cdfc0f8e785de696925666dfbaaa6f2732ce3d288 | Triage

Sharing

General

Target

JaffaCakes118_db153845e52a1f2ed5bde74cdfc0f8e785de696925666dfbaaa6f2732ce3d288
Size

324KB
Sample

241221-x8vp7sxpaq
MD5

d6fb857fefec0224cb78881f07cb9add
SHA1

7cca7137939e790f68837a53ef743f8da6845956
SHA256

db153845e52a1f2ed5bde74cdfc0f8e785de696925666dfbaaa6f2732ce3d288
SHA512

b0c42f463dcb8edbd11bf6ef0bdb811f6a4709ada108706bbb3465f28df4eb3b2e988ac969b1f767be465392e699ac4bc541bf6a2ddab2317a2f46a6b71c9882
SSDEEP

6144:08joYyr3zVjrmnfhK5bvKHQESIdI6oBiDSSay:08jwr3zJMWKHQUmXyn

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_db153845e52a1f2ed5bde74cdfc0f8e785de696925666dfbaaa6f2732ce3d288
- Size
  
  324KB
- MD5
  
  d6fb857fefec0224cb78881f07cb9add
- SHA1
  
  7cca7137939e790f68837a53ef743f8da6845956
- SHA256
  
  db153845e52a1f2ed5bde74cdfc0f8e785de696925666dfbaaa6f2732ce3d288
- SHA512
  
  b0c42f463dcb8edbd11bf6ef0bdb811f6a4709ada108706bbb3465f28df4eb3b2e988ac969b1f767be465392e699ac4bc541bf6a2ddab2317a2f46a6b71c9882
- SSDEEP
  
  6144:08joYyr3zVjrmnfhK5bvKHQESIdI6oBiDSSay:08jwr3zJMWKHQUmXyn
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader