gcleaner | 1c34bbfc7ec288b93a56e3908cdc9a8c086ce98af78ced10e8a6135bdd50002c | Triage

Sharing

General

Target

JaffaCakes118_1c34bbfc7ec288b93a56e3908cdc9a8c086ce98af78ced10e8a6135bdd50002c
Size

186KB
Sample

241224-q3485ayphl
MD5

62a113b53436113a6f0789645654c797
SHA1

632ea355b1bbb8d4eaddd17b3b6a53c6e37bd8b2
SHA256

1c34bbfc7ec288b93a56e3908cdc9a8c086ce98af78ced10e8a6135bdd50002c
SHA512

81b82d6748fe55eaf39cd003e0c817ea015e9a36ba272f9e0d970f0e87428723ab73c1735abcdd64a6886765e72c9e08c191f45d51df85f13c6db2f6fb64e9a9
SSDEEP

3072:5HBNSPzU4stkjEUyBeKmI+NXSncMAqqEgAkbnSUtAZxJuayvtilx5L9X:5mPzvNgAKmI+NXIAVxbnSUWovix5Lh

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.104.97

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  73bde03add63bcab4ae7a671d47f05eb223b4cd65e4599d3bd66cc57418367e8
- Size
  
  245KB
- MD5
  
  eaa7c9d6dcdb8a2a2f6a8d629244cd62
- SHA1
  
  bc7f4160782cda107fbb336310ed16c4b58ba14a
- SHA256
  
  73bde03add63bcab4ae7a671d47f05eb223b4cd65e4599d3bd66cc57418367e8
- SHA512
  
  9a3a2c800eb5a4e93d0e7cc2c6595cc65c5f2b6e6fcb9be1b78e2d87e304adc9da3fec196f65d5d6ad665bc4016d33d3b1f1d683717432d3da5e51925a7716dd
- SSDEEP
  
  6144:e6on120/aVggIKmI+NXIAVxbVSUWovKx:ITSVzpmLJIyCove
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader