gcleaner | e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6 | Triage

Sharing

General

Target

JaffaCakes118_e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6
Size

253KB
Sample

241229-jkj2xawqes
MD5

3b91bb9b46102c4155ed4312e80ae68f
SHA1

debc007f47c537c687ac98080580f4cdcb79fc24
SHA256

e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6
SHA512

0de0d8ae2cea0e2dce6ee880c89ed5746498120b1e8ae1a412ea4da041f5bde7de1f99a6215ef895d5cd264635e61818414cc2ae19f61d6b3b22f157c3c65c46
SSDEEP

6144:5lPBatc05lRphh2/Bp04gG8I+mS04DwkWL7VbZ:5lPgtcslRpwQdmx4ql

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.141.237.38

31.210.20.149

212.192.241.16

203.159.80.49

Attributes

url_path
/software.php

/software.php

Targets

- Target
  
  0312676b0a8a4594da2ba4a13675ce3ae5855d3e166bf86d2688a6679ab1c979
- Size
  
  335KB
- MD5
  
  13e4fddd6b99ec63502a7c7ef0305c31
- SHA1
  
  5514a46109d5055468f556982d3ef8eec4972468
- SHA256
  
  0312676b0a8a4594da2ba4a13675ce3ae5855d3e166bf86d2688a6679ab1c979
- SHA512
  
  73f91303587413e10a0a952552cba8ad006d2d10e9cff9b66724be63e3c8f3fcf6cdb3d5476a4027dc64c7cb6071612dc41d1b1b81a31b100541777b101e891f
- SSDEEP
  
  6144:Xk5nmc05lZphh2zBp0DpSRQ02GTts/KoyBuqa48igafwVf:X7cslZp2ciih4Z
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader