General

  • Target

    JaffaCakes118_cb915f218b419af0aac0305a0f3737313e252aa36f6bff93f2eed60ff5dd0f76

  • Size

    229KB

  • Sample

    241224-qnh3caykdv

  • MD5

    4ba3f695596d24f9513afb54a6ba38bd

  • SHA1

    436230614ed68cd5cabeec6e7434396d64049ad7

  • SHA256

    cb915f218b419af0aac0305a0f3737313e252aa36f6bff93f2eed60ff5dd0f76

  • SHA512

    0d43a0dedc4a08e15c6e12ce1bcebfbac97a79b46a5071200b455e7f1925e1b4c2bcc67a0f39818ba892c5f14bfee932bb6c1144a3d6c3fe7e4db2fc7da50462

  • SSDEEP

    3072:dBje1CJQFSaPnFw4zUCZN4Hc+5cE2DPJPc5GUm75P1cgXJK6vOhyY3l4qa3JWX1M:49SaPFFDZC3yPchkcgX9vOvza3iq1L

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    45.139.105.171

    85.31.46.167

    107.182.129.235

    171.22.30.106

Attributes
  • url_path

    ....!..../software.php
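The extracted config above gives four C2 addresses and a check-in path whose only legible part is the trailing `/software.php`. Below is an added example (not part of the sandbox report, and not GCleaner's own code) that turns those indicators into detection logic and runs it over a few constructed web-proxy log lines; the log layout (`timestamp client method url status`) is an assumption made for the demo, and the lines themselves are invented.

```python
"""Match the GCleaner C2 indicators from this report against proxy log lines.

Added example: the C2 addresses are taken from the extracted config above;
the log lines are constructed for the demo; only the trailing "/software.php"
of the extracted url_path is legible, so the path match uses that suffix.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# C2 addresses as listed in the extracted gcleaner config in this report.
GCLEANER_C2 = frozenset({
    "45.139.105.171",
    "85.31.46.167",
    "107.182.129.235",
    "171.22.30.106",
})

# Only the tail of the extracted url_path is readable; match on that suffix.
C2_PATH_SUFFIX = "/software.php"

# Constructed proxy log lines in an assumed "ts client method url status"
# layout (invented for this example, not taken from the report).
SAMPLE_LOG = """\
2024-12-24T14:01:02Z 10.0.0.12 POST http://45.139.105.171/software.php 200
2024-12-24T14:01:05Z 10.0.0.12 GET http://example.org/index.html 200
2024-12-24T14:02:11Z 10.0.0.31 GET http://85.31.46.167/favicon.ico 404
2024-12-24T14:03:40Z 10.0.0.44 POST http://198.51.100.9/software.php 200
2024-12-24T14:04:00Z 10.0.0.12 GET http://171.22.30.106:8080/software.php 200
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")


def classify(url):
    """Return (severity, reason) for a URL, or None if it matches no IOC."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # strips any :port suffix
    path = parts.path or ""
    try:
        is_c2_ip = str(ipaddress.ip_address(host)) in GCLEANER_C2
    except ValueError:
        is_c2_ip = False          # a hostname, not a literal IP address
    path_hit = path.endswith(C2_PATH_SUFFIX)
    if is_c2_ip and path_hit:
        return ("high", "known C2 address and software.php check-in path")
    if is_c2_ip:
        return ("medium", "traffic to known C2 address")
    if path_hit:
        return ("low", "software.php path on an address not in the config")
    return None


def scan_log(text):
    """Return (client, url, severity, reason) for every line hitting an IOC."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, client, _method, url, _status = m.groups()
        verdict = classify(url)
        if verdict:
            findings.append((client, url) + verdict)
    return findings


if __name__ == "__main__":
    for client, url, sev, why in scan_log(SAMPLE_LOG):
        print(f"{sev:6} {client:12} {url}  ({why})")
```

The severity tiers are a design choice rather than anything the report states: a known C2 address combined with the check-in path is the strongest signal, the address alone is still worth a ticket, and `/software.php` on an unlisted address is kept only as a low-confidence lead, since the config's IP list is a point-in-time snapshot and the path is generic enough to produce false positives on its own.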

Targets

    • Target

      0eba9622a0cd406a25342d58bd188b1ca19f39540b30e70d9f3f4a476ec25d39

    • Size

      356KB

    • MD5

      a5b92840029073b54a595eb7d4af481b

    • SHA1

      4237a5320d90c46aabecd1edffeecbec5507113f

    • SHA256

      0eba9622a0cd406a25342d58bd188b1ca19f39540b30e70d9f3f4a476ec25d39

    • SHA512

      a8adee3e78e9c20577b6a189fedad4048cfd08a349618cc44acf13209baab7d2705b05667ad311269c434ba4ac28a7b04582ecb235742093bb05bf1f8540a800

    • SSDEEP

      6144:MUHCLMyXvJxaSfAMPchycgX/D1PZ2Gl7ITsq:MUiTfJxPPF3X/9Z2Gl7

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

MITRE ATT&CK Enterprise v15

Tasks