gcleaner | f32d05b4416c69e86bb013569644d803fc663c092c9f90a1199c6da3e280b956 | Triage

Sharing

General

Target

JaffaCakes118_f32d05b4416c69e86bb013569644d803fc663c092c9f90a1199c6da3e280b956
Size

228KB
Sample

241229-2mgzfayqhr
MD5

c1097414ecbc3be77152c578526f7120
SHA1

59c974d8f6a03b518b7e693e1aac94515ad2b994
SHA256

f32d05b4416c69e86bb013569644d803fc663c092c9f90a1199c6da3e280b956
SHA512

99e2e4f597ea103ee380ff35120ac8866b6447b7f7a273ee5ce565cb35636248e7532d67861b5cbd4d83fb62af41819eaf11bff6d69c0b07350c0c80eae8820f
SSDEEP

3072:w0V7hj7fsWEZgzB+N76fF7yYjdIVxhv1itM20cPmvZ8MQjowzhksuB43GlPI4VUN:rBz+gYNaJzdovgKimZ8Moe/B43CPY

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  4e2fbcee0db3907cfc3b65d0adc9ec67dbb5f0229b0ba2c75f38453d605cc91c
- Size
  
  330KB
- MD5
  
  6369de51ea2478e96c7cd841ecbf78a5
- SHA1
  
  45b390a89ffdcdf4f279696213d86e07bbcad134
- SHA256
  
  4e2fbcee0db3907cfc3b65d0adc9ec67dbb5f0229b0ba2c75f38453d605cc91c
- SHA512
  
  e9d275224dcee4becf99b0896a01251cecd742ca697085006e0dc905a635213e7720bfe2c94d06e9cea4195e387e616eceed5d04b1c3fbce9db0e6596e63eedc
- SSDEEP
  
  6144:X0BW/7LEKxj4QYplnWzJzdwvgKimZcMoNtdwn3:kB474KxjtYpZWzkgBm65Nvq3
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader