gcleaner | 58982d2ca066eaf3ea0ab2e7c0dde87c35b50038e69fbf80e59b67bd9fcb0255 | Triage

Sharing

General

Target

JaffaCakes118_58982d2ca066eaf3ea0ab2e7c0dde87c35b50038e69fbf80e59b67bd9fcb0255
Size

329KB
Sample

241223-2kxl4stmct
MD5

ae7211b71b8e9a5be9a27c0b166b1997
SHA1

d6018715f26818f5a9b6e9ea2dca555adf3f84e6
SHA256

58982d2ca066eaf3ea0ab2e7c0dde87c35b50038e69fbf80e59b67bd9fcb0255
SHA512

e13ea8acc2701f31917ea3374e1704ca41c757691973ad6a2bf96aa157834e332b97d7bf1b8a92b6aeda19c7c5741ed11f789e50075fb69d15c2975ea450b4b5
SSDEEP

6144:zFBHFLl2R5P4rNscbCRUuku5rWPwdf6Ix4PU6iHjnhN9p:zFBHF5k5Qpkf5rpB6ThO7p

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_58982d2ca066eaf3ea0ab2e7c0dde87c35b50038e69fbf80e59b67bd9fcb0255
- Size
  
  329KB
- MD5
  
  ae7211b71b8e9a5be9a27c0b166b1997
- SHA1
  
  d6018715f26818f5a9b6e9ea2dca555adf3f84e6
- SHA256
  
  58982d2ca066eaf3ea0ab2e7c0dde87c35b50038e69fbf80e59b67bd9fcb0255
- SHA512
  
  e13ea8acc2701f31917ea3374e1704ca41c757691973ad6a2bf96aa157834e332b97d7bf1b8a92b6aeda19c7c5741ed11f789e50075fb69d15c2975ea450b4b5
- SSDEEP
  
  6144:zFBHFLl2R5P4rNscbCRUuku5rWPwdf6Ix4PU6iHjnhN9p:zFBHF5k5Qpkf5rpB6ThO7p
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader