gcleaner | 7c506d65fa9d1c3e00796777d8516dfdca8d975c03cd7542b485be6064bb4934 | Triage

Sharing

General

Target

JaffaCakes118_7c506d65fa9d1c3e00796777d8516dfdca8d975c03cd7542b485be6064bb4934
Size

324KB
Sample

241222-khymys1mcv
MD5

32e769af31bd04eaf3d67dc674e94356
SHA1

a12e0d84642174ae9fc5308bee1dc1c6cdce832e
SHA256

7c506d65fa9d1c3e00796777d8516dfdca8d975c03cd7542b485be6064bb4934
SHA512

1a0b1be06ee1c2cd82074131fc9012bb75830d3dd69b4f0fad8dafa4906a67d39a1b72945350b65d06bb553874357785a8eb74d094d26dc963314ffce39a99d4
SSDEEP

6144:HAIzXLEMwbeM+N9XqSGuXSV9I3I0KEGMMs+bYYsG08a5:HAuzwbeM+vqHKKO52YO08W

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_7c506d65fa9d1c3e00796777d8516dfdca8d975c03cd7542b485be6064bb4934
- Size
  
  324KB
- MD5
  
  32e769af31bd04eaf3d67dc674e94356
- SHA1
  
  a12e0d84642174ae9fc5308bee1dc1c6cdce832e
- SHA256
  
  7c506d65fa9d1c3e00796777d8516dfdca8d975c03cd7542b485be6064bb4934
- SHA512
  
  1a0b1be06ee1c2cd82074131fc9012bb75830d3dd69b4f0fad8dafa4906a67d39a1b72945350b65d06bb553874357785a8eb74d094d26dc963314ffce39a99d4
- SSDEEP
  
  6144:HAIzXLEMwbeM+N9XqSGuXSV9I3I0KEGMMs+bYYsG08a5:HAuzwbeM+vqHKKO52YO08W
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader