gcleaner | 1630e119606248008f61e657f22956149e788ee19f2acafb671cced1d8bafb26 | Triage

Sharing

General

Target

JaffaCakes118_1630e119606248008f61e657f22956149e788ee19f2acafb671cced1d8bafb26
Size

227KB
Sample

241222-1nyg5sznfy
MD5

5dc6539f20abe1592a2082ba0a853b45
SHA1

b93b8020392645244bf1eb1a4a558977d70326ba
SHA256

1630e119606248008f61e657f22956149e788ee19f2acafb671cced1d8bafb26
SHA512

2ba55179ad8afdbcca2e6154365a3a9a3185d29cea4f57e197974102305cc61c5e73177d6d97ced1be6a53ec2860ffa5c0c48a637c426ebfb4e2851ce3823a50
SSDEEP

6144:rPlgihyU9Em9BBAzqNWrqCZuPqx6xEqaHaLstFla:FyUtF6qNk6qx6OqaHdtFE

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  1f2a51449152ba8977835c38afab04ba82e9e667ff355dc60abf5891df176886
- Size
  
  329KB
- MD5
  
  df9c8fc7b54e0ee38489c139dbc60384
- SHA1
  
  58d5a3b3fbfc025f5f1a715f63be5011e276f53f
- SHA256
  
  1f2a51449152ba8977835c38afab04ba82e9e667ff355dc60abf5891df176886
- SHA512
  
  6b7e13a412d79719e38f30a686cba28b53032a3fbc2c663f65553e6e91c90917f110cda4823e02a134cd182798b710b30b1f207871c9098a6f96fcccdd3d36e3
- SSDEEP
  
  6144:2kBiIOGLwhajEt5zqNWrqCxuPqx6xiqapHg+lskFY:XBlOG2ajq5qNkSqx6wqa/PFY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader