gcleaner | 059cd02af0dd43d3793e06afce8d72759e72b0c14c9c1b3895c0fa3b125a6d46 | Triage

Sharing

General

Target

JaffaCakes118_059cd02af0dd43d3793e06afce8d72759e72b0c14c9c1b3895c0fa3b125a6d46
Size

329KB
Sample

241225-yrzs9svqfv
MD5

2168369c70b174f138c3ef71d3a94e03
SHA1

94a8b4f2a7e2cd8a8baee201781948a07959c324
SHA256

059cd02af0dd43d3793e06afce8d72759e72b0c14c9c1b3895c0fa3b125a6d46
SHA512

61aa14e5f17302a982cc90faf38ab3b21446b7ac891ea6ba5da54d0c4947578ccdc3a3d317ae2d40c0d8eb8628b3acaf327c6d8b817d34f6a2a400b97f137dd6
SSDEEP

3072:fSFSB/U0LV5JjEz5682Q11PcdGL3DM9K8d8GfoR3tOkYgt+LJcaaVXKgqOASZSWk:eSBM0LHJa1PIJ9K8EtY8+LqaS6gqMZ3

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  JaffaCakes118_059cd02af0dd43d3793e06afce8d72759e72b0c14c9c1b3895c0fa3b125a6d46
- Size
  
  329KB
- MD5
  
  2168369c70b174f138c3ef71d3a94e03
- SHA1
  
  94a8b4f2a7e2cd8a8baee201781948a07959c324
- SHA256
  
  059cd02af0dd43d3793e06afce8d72759e72b0c14c9c1b3895c0fa3b125a6d46
- SHA512
  
  61aa14e5f17302a982cc90faf38ab3b21446b7ac891ea6ba5da54d0c4947578ccdc3a3d317ae2d40c0d8eb8628b3acaf327c6d8b817d34f6a2a400b97f137dd6
- SSDEEP
  
  3072:fSFSB/U0LV5JjEz5682Q11PcdGL3DM9K8d8GfoR3tOkYgt+LJcaaVXKgqOASZSWk:eSBM0LHJa1PIJ9K8EtY8+LqaS6gqMZ3
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader