gcleaner | c2131d7b6c46e86e2592faffe1d28f8b3dc7e7270f901312f636f5eeb7cb28bb | Triage

Sharing

General

Target

JaffaCakes118_c2131d7b6c46e86e2592faffe1d28f8b3dc7e7270f901312f636f5eeb7cb28bb
Size

227KB
Sample

241230-eem46axlhw
MD5

fd485f9b74292d6c95c682827403e70e
SHA1

fa58eec6975a64f59a1b5e353a223a31e4cf50e0
SHA256

c2131d7b6c46e86e2592faffe1d28f8b3dc7e7270f901312f636f5eeb7cb28bb
SHA512

aec304e6bd36f9abceed99b530e63738672af1cbd930bf004825b2018991113aad7297594a1fac85ec5a6b5d50ae2dcf941f252e1a1a1dd30c714952cebb3dc3
SSDEEP

6144:RPG8BARWk2p3MVyrq7CjT4uTn8OzY6AlCi:ROMARQpcVbnuz8Oc6w

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

url_path
....!..../software.php

....!..../software.php

Targets

- Target
  
  11ee23a66e6da78d3de92372778cb4ba1d10e4639b2e8d73fdb162122fa60e02
- Size
  
  329KB
- MD5
  
  74029ded3fc81842ef551d774416fb63
- SHA1
  
  4a1cdcd3155f735e505ea6e19968ff6326290b20
- SHA256
  
  11ee23a66e6da78d3de92372778cb4ba1d10e4639b2e8d73fdb162122fa60e02
- SHA512
  
  9cc62182bbaee30642cd2ddddfad006a8bc6606bf26a6d6a61291bdff356561293fedfb5c26cb0047b7145f395205753cca8d48d1b313f5d2b5f814e2e7efaf5
- SSDEEP
  
  3072:WPwbSB0ytELMigdyz5k8aHXCQcfWKj/BmYc3F7LxXUjmKE9pA947SixU10nOGhy:HbSBzKLrgTZcfWG5rq7kj54z21VD7/
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader