gcleaner | 5a299bfd024af02e9cb7ac020a520cec54d8018bdf3ba69d4bf0425fbd06cff6 | Triage

Sharing

General

Target

JaffaCakes118_5a299bfd024af02e9cb7ac020a520cec54d8018bdf3ba69d4bf0425fbd06cff6
Size

305KB
Sample

241222-dyqtqa1qaz
MD5

e4a0faa97aeecdeb22fd07c4aed646a7
SHA1

44b18ea006bad960d7a664c4d94cf0cfd02a0a69
SHA256

5a299bfd024af02e9cb7ac020a520cec54d8018bdf3ba69d4bf0425fbd06cff6
SHA512

7581180311535beb846e24a00ff00b2bb833a209594c61dc7384d249fa1c9fa13f833f6595b7e8d55ed2aa143227eb67274edf12a6780ede878ce6af1f1e4bb4
SSDEEP

6144:ZumJPb4LLi/eZ7/+EX7JefxxiHn9/zcgTJM6w9bLrSe9E0z:4mJj4vuelVX7kf+H99IrTN

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_5a299bfd024af02e9cb7ac020a520cec54d8018bdf3ba69d4bf0425fbd06cff6
- Size
  
  305KB
- MD5
  
  e4a0faa97aeecdeb22fd07c4aed646a7
- SHA1
  
  44b18ea006bad960d7a664c4d94cf0cfd02a0a69
- SHA256
  
  5a299bfd024af02e9cb7ac020a520cec54d8018bdf3ba69d4bf0425fbd06cff6
- SHA512
  
  7581180311535beb846e24a00ff00b2bb833a209594c61dc7384d249fa1c9fa13f833f6595b7e8d55ed2aa143227eb67274edf12a6780ede878ce6af1f1e4bb4
- SSDEEP
  
  6144:ZumJPb4LLi/eZ7/+EX7JefxxiHn9/zcgTJM6w9bLrSe9E0z:4mJj4vuelVX7kf+H99IrTN
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader