gcleaner | a272b80f425baeef69bdbe874fcb31a165c360fdbd4c8192306d04cbbd5822cc | Triage

Sharing

General

Target

JaffaCakes118_a272b80f425baeef69bdbe874fcb31a165c360fdbd4c8192306d04cbbd5822cc
Size

236KB
Sample

241229-m8xjpaznht
MD5

cf98914970b730b355ed79440147fbc6
SHA1

58d8a8e06066ef0fbb9a1df1414c9916b06ce1f7
SHA256

a272b80f425baeef69bdbe874fcb31a165c360fdbd4c8192306d04cbbd5822cc
SHA512

7e42a9263786fa0e54942d689875589cb5d6008d2a96382fe9947a40fd00ca3900b8fa74bbd46440cc3bb84dbcd1de5d282914a46e321b5e3926961de4d2a93d
SSDEEP

6144:XdwcUGTxLFC7emhNnsBx2hMAKOSlyTCOcsni/EH4X5k1:RLFcNnsBx2hzKOSCC1sH4S

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.141.237.38

31.210.20.149

212.192.241.16

203.159.80.49

Attributes

url_path
/software.php

/software.php

Targets

- Target
  
  b0b7af84e61ce5805ad317b113981aee691d96cbca0970a4db6d7777f4706b58
- Size
  
  309KB
- MD5
  
  ad811e08d47b832ed2510c2b00e27a75
- SHA1
  
  97aa6ba68507b30009bda5d9848e40cd6da416df
- SHA256
  
  b0b7af84e61ce5805ad317b113981aee691d96cbca0970a4db6d7777f4706b58
- SHA512
  
  0e07773596de90de39c40d9caaec74cefff9494f53622eb7feff45996582fa7e1633311ec5e8acfd39ae0b5459e162d8e3b3417b7495043db5f583b2805ad7e9
- SSDEEP
  
  6144:RU4kTxLNC7emfNnsBx2hJ6+wCgf840wqFHK5D0riga:RUtLNENnsBx2hJ5wUWqJq
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader