gcleaner | 107b0f6309556e554920348ba357bc8a786cd0177baf192ace5e85d0f3e1340c | Triage

Sharing

General

Target

JaffaCakes118_107b0f6309556e554920348ba357bc8a786cd0177baf192ace5e85d0f3e1340c
Size

231KB
Sample

241223-rdbqys1qen
MD5

ce3bfacb1ee437c56c59cd9a2be054b0
SHA1

fb2a60a6bf5f670e4b8f9384c8b94879ef5656f0
SHA256

107b0f6309556e554920348ba357bc8a786cd0177baf192ace5e85d0f3e1340c
SHA512

ee2260319037e7a4874e98aa6474ef0b915a4241cd63c5dc5c2eca109407d532ff39c7c4689bc2be043f1df27a5d8cd6b11710bcb01aced65da5eec3783b18db
SSDEEP

6144:9kKDECDuHm4G+kN4kEhTcjBsphdHnxzjUjgl:9DiG4NNT6B2fzjU8l

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  93d3a708df2aa28a4572e3ea41b2a14b2b5bb89ff7056bcf138708055f80c133
- Size
  
  309KB
- MD5
  
  4812aba293bb51ad32726172e38aa8b2
- SHA1
  
  dbc16b471a5b85f0e0bd8e44ad78ef01de25ca85
- SHA256
  
  93d3a708df2aa28a4572e3ea41b2a14b2b5bb89ff7056bcf138708055f80c133
- SHA512
  
  fa3b2b731118c2d733f80a00b43bed2c39b836c408540da87f734bdad1ae0e9c8199fb8dadbb263c68fe0d5432ff909e4556eaff152875c56dc4a0e507c29c3e
- SSDEEP
  
  6144:GowJdLOgxzCVC7kN4kahTcjBsfhdLnxzjUjJ7luv:GowJdigxzsCBZT6BGnzjUK
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader