gcleaner | 5955f152c661a9643e42ecadfb4585b9e046a9a41ffac4822929500f6ef76a1a | Triage

Sharing

General

Target

JaffaCakes118_5955f152c661a9643e42ecadfb4585b9e046a9a41ffac4822929500f6ef76a1a
Size

245KB
Sample

241230-2rnb1svpcv
MD5

4cb36f914d4ad189acb79cfc76ef0bf8
SHA1

42a16435df54f894be969c0208e366f0806232e6
SHA256

5955f152c661a9643e42ecadfb4585b9e046a9a41ffac4822929500f6ef76a1a
SHA512

4d82f81d51ce4fd83cb80dbbd4ec00b19c9b637d1f4d8efbb5aa349552d86adc34c4375fa2b47c681d12e31406a58b9c0a682536ccadb08d79970ae58dc98f14
SSDEEP

6144:lWu3xTcWU98VQ2OHX8OphPCLuiOh1kCFVV8NgvX3Wm:guqWU98VQ2OHtCXekCFDugvHn

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.141.237.38

31.210.20.149

212.192.241.16

203.159.80.49

Attributes

url_path
/software.php

/software.php

Targets

- Target
  
  9c995879ba01832f9fabb02012987acec2546f4adb170c253983ef8c7bfc91d5
- Size
  
  373KB
- MD5
  
  26702c564759f254909110978efa4116
- SHA1
  
  154bdf62d20aca25fdc7df5b7fb6b7044d015c25
- SHA256
  
  9c995879ba01832f9fabb02012987acec2546f4adb170c253983ef8c7bfc91d5
- SHA512
  
  b3c5a9ee687379a4770c64295f2eaac9d82c4dd4dab3bee424a7c05f757126cd5990a7c6672a7c498064449cc7e359302b70981a82c56a5a8302e8f1d08fa81b
- SSDEEP
  
  6144:26q1OB7YEew+BXDyWq+n/a5gfTc4IwxFphPQLuiOh1ECFVV8rgvX3rz4Q:2n8eEewiXDFq+nS5ufrbQXeECFDCgvHg
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader