gcleaner | 169d86c395ce48edc63e30c4dfeb29163be409f0930e864064e8ae0136d85d3c | Triage

Sharing

General

Target

JaffaCakes118_169d86c395ce48edc63e30c4dfeb29163be409f0930e864064e8ae0136d85d3c
Size

329KB
Sample

241224-sf4eesznez
MD5

7aad48f2bac376c5f34c024fec4ae2f1
SHA1

b02b3579b96086291471c639b0fe038ca3037ee8
SHA256

169d86c395ce48edc63e30c4dfeb29163be409f0930e864064e8ae0136d85d3c
SHA512

220b4241f7551e601274bb48fd7242dc8bb9b542bf31a4e4272a85d1b9269c34eaead136b5793cb4aab30e1623f3e69ebea187cdfdcc49b48e2cfe5d406b6ce3
SSDEEP

6144:F+3xT6k6zkQczNNFCpRJVjXWSJIvwLk0:FMxT6k6z3czNNgbPj31

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_169d86c395ce48edc63e30c4dfeb29163be409f0930e864064e8ae0136d85d3c
- Size
  
  329KB
- MD5
  
  7aad48f2bac376c5f34c024fec4ae2f1
- SHA1
  
  b02b3579b96086291471c639b0fe038ca3037ee8
- SHA256
  
  169d86c395ce48edc63e30c4dfeb29163be409f0930e864064e8ae0136d85d3c
- SHA512
  
  220b4241f7551e601274bb48fd7242dc8bb9b542bf31a4e4272a85d1b9269c34eaead136b5793cb4aab30e1623f3e69ebea187cdfdcc49b48e2cfe5d406b6ce3
- SSDEEP
  
  6144:F+3xT6k6zkQczNNFCpRJVjXWSJIvwLk0:FMxT6k6z3czNNgbPj31
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader