gcleaner | 2b11ad3994b31b11b321e7281b5593be0fb9c40d8367f3c95d437c1c543f7f99 | Triage

Sharing

General

Target

JaffaCakes118_2b11ad3994b31b11b321e7281b5593be0fb9c40d8367f3c95d437c1c543f7f99
Size

228KB
Sample

241229-pcckra1mgs
MD5

1f16a65728ff8b555da42647e94a03f8
SHA1

5608b2698cdabf97569ed230efa007bc8de1dd95
SHA256

2b11ad3994b31b11b321e7281b5593be0fb9c40d8367f3c95d437c1c543f7f99
SHA512

0d68b09d1faa367aa5828d5991e27d27848ec35cb404116eac925cb6cafd030b72b30695032daa7f1bd549d9b0c927e6219c46a6c1793eb1fa4e4ebe243502e4
SSDEEP

6144:xAMjyyWVswvZFLWyE6tyWxYObyHByYxTfloQFOOwjFJO77g2:qMBXw+yJ4WxYObcyY7KOWY7E2

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  cbe5ad908eaff3c57dc24bd937c2268e380926ea39e69cd77d0ad7854aa73f19
- Size
  
  300KB
- MD5
  
  baf64e13d868293522c6014a07f5d8f7
- SHA1
  
  548fdfb25fd58942eb2f9bd291408498ee441448
- SHA256
  
  cbe5ad908eaff3c57dc24bd937c2268e380926ea39e69cd77d0ad7854aa73f19
- SHA512
  
  c4a859582ba7f077a951eedee292c4acdccfdb0287f0611ca85970fb6392d9502bca64d6bb6e21ba9c4a6524adcb94a7a803c000d837f0fd8bd1b949ef1ac095
- SSDEEP
  
  6144:GdAowps+XLtSolGtyWxYOPyHByYxNfloQFOOwhFJOy3odai:GdKiuRS94WxYOPcyYJKOOYyFi
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader