gcleaner | f972479a93fe759a3fbf8b9b4157aed36404d1a9cbae0b8a90c64c8f827b8511 | Triage

Sharing

General

Target

f972479a93fe759a3fbf8b9b4157aed36404d1a9cbae0b8a90c64c8f827b8511
Size

1.7MB
Sample

241229-jpdexswrcq
MD5

50efab291b463323e92990e05372df1e
SHA1

1d61d1f102a681bd8bd429dfc3b14db37ada2a2b
SHA256

f972479a93fe759a3fbf8b9b4157aed36404d1a9cbae0b8a90c64c8f827b8511
SHA512

dc17f837be1fed8fdace21a26995f489c30140b3065aec4354ffba5ef43269f5b8d7332eeb6947311241ee42f8da7bb4e401e6b0f35e70b32b3df0e70eef03dd
SSDEEP

24576:XBqjAAgVPlTBjaLZpw3y9WSz6291iPS8y3U1jxa2A2RdaP:xlAs9TBjaLZpTKPSAy2RdE

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

url_path
/x.php

/soft.php

/soft.php

Targets

- Target
  
  f972479a93fe759a3fbf8b9b4157aed36404d1a9cbae0b8a90c64c8f827b8511
- Size
  
  1.7MB
- MD5
  
  50efab291b463323e92990e05372df1e
- SHA1
  
  1d61d1f102a681bd8bd429dfc3b14db37ada2a2b
- SHA256
  
  f972479a93fe759a3fbf8b9b4157aed36404d1a9cbae0b8a90c64c8f827b8511
- SHA512
  
  dc17f837be1fed8fdace21a26995f489c30140b3065aec4354ffba5ef43269f5b8d7332eeb6947311241ee42f8da7bb4e401e6b0f35e70b32b3df0e70eef03dd
- SSDEEP
  
  24576:XBqjAAgVPlTBjaLZpw3y9WSz6291iPS8y3U1jxa2A2RdaP:xlAs9TBjaLZpTKPSAy2RdE
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader