gcleaner | dbd6237361d29fada667a7db611663b2a412dadc72d1a0189dace5c2acf6d0b7 | Triage

Sharing

General

Target

JaffaCakes118_dbd6237361d29fada667a7db611663b2a412dadc72d1a0189dace5c2acf6d0b7
Size

337KB
Sample

241222-jyxj6a1jal
MD5

3997c94dba0e5fd16a29b319684cbe76
SHA1

dfd54c4259ba6aee9f7425ad1b46119abe2dccfd
SHA256

dbd6237361d29fada667a7db611663b2a412dadc72d1a0189dace5c2acf6d0b7
SHA512

de88a831b79017813cc8d2425a7369d72dd525c92308979387bbfa443ed973224ff0616483ba69c709a3eb6ef32e2d28f74fa63a6724b438ac2d25f81e9f82bd
SSDEEP

6144:BzkSHFLbOq+a/tuCNkFvI99ZxgVvJIAtosvXd3XKmZLHrSyyH9GPbj:BzkSHFXP+aluCNfZe/9T/d3XK6Drm0bj

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_dbd6237361d29fada667a7db611663b2a412dadc72d1a0189dace5c2acf6d0b7
- Size
  
  337KB
- MD5
  
  3997c94dba0e5fd16a29b319684cbe76
- SHA1
  
  dfd54c4259ba6aee9f7425ad1b46119abe2dccfd
- SHA256
  
  dbd6237361d29fada667a7db611663b2a412dadc72d1a0189dace5c2acf6d0b7
- SHA512
  
  de88a831b79017813cc8d2425a7369d72dd525c92308979387bbfa443ed973224ff0616483ba69c709a3eb6ef32e2d28f74fa63a6724b438ac2d25f81e9f82bd
- SSDEEP
  
  6144:BzkSHFLbOq+a/tuCNkFvI99ZxgVvJIAtosvXd3XKmZLHrSyyH9GPbj:BzkSHFXP+aluCNfZe/9T/d3XK6Drm0bj
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader