gcleaner | 7cbcbe9fe0abd41fc7f1ee64d84651e55814a3699277f85578957a6c479c6b3b | Triage

Sharing

General

Target

7cbcbe9fe0abd41fc7f1ee64d84651e55814a3699277f85578957a6c479c6b3b
Size

2.6MB
Sample

241224-yerl5avrdl
MD5

94f7eb15d1f01b164069ee38332d4af5
SHA1

61fe61a8f91087a2f8150b692394475266ec29d3
SHA256

7cbcbe9fe0abd41fc7f1ee64d84651e55814a3699277f85578957a6c479c6b3b
SHA512

e24abfb442866d4e1cf675904b315c7673bbd7188a5ec504ea14342430225e31c51f8b5fbac80e3a529ae2e10ae319b09567a9ba927b2ad4acf27333d4456cfb
SSDEEP

49152:8M3FF+Yh90RC7PnI/7Zwist2RhZEck3R2eU:8kF990RC7PmSist2/Zk32

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.39

37.139.129.24

45.139.105.66

45.139.105.188

Attributes

url_path
/get.php

/setup.php

/setup.php

Targets

- Target
  
  7cbcbe9fe0abd41fc7f1ee64d84651e55814a3699277f85578957a6c479c6b3b
- Size
  
  2.6MB
- MD5
  
  94f7eb15d1f01b164069ee38332d4af5
- SHA1
  
  61fe61a8f91087a2f8150b692394475266ec29d3
- SHA256
  
  7cbcbe9fe0abd41fc7f1ee64d84651e55814a3699277f85578957a6c479c6b3b
- SHA512
  
  e24abfb442866d4e1cf675904b315c7673bbd7188a5ec504ea14342430225e31c51f8b5fbac80e3a529ae2e10ae319b09567a9ba927b2ad4acf27333d4456cfb
- SSDEEP
  
  49152:8M3FF+Yh90RC7PnI/7Zwist2RhZEck3R2eU:8kF990RC7PmSist2/Zk32
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader