gcleaner | c55dd4d6042d6f0fda543db343e89f5dbf8c4d81d4a61a06c29e5570ed2bf9b3 | Triage

Sharing

General

Target

JaffaCakes118_c55dd4d6042d6f0fda543db343e89f5dbf8c4d81d4a61a06c29e5570ed2bf9b3
Size

373KB
Sample

241230-xxbsysxkas
MD5

172cb88484c0f357f9785291815c062b
SHA1

5e09513aa4303b1cfe6141d0db04d1c59af38c3c
SHA256

c55dd4d6042d6f0fda543db343e89f5dbf8c4d81d4a61a06c29e5570ed2bf9b3
SHA512

f1ea7d8b4c28edf8f491d5ce3b51b2d4736d5fa3b063d9a5f3e38e00bb7babe584860d81b6679b67393e951d79e94cc6fbcfcaa9274ec32c8f0c14d35bbf8e88
SSDEEP

6144:O2SnSOVGOxbGUkARZIiZdWjknixFN/wh82BWPQl3C93P5e/85IqTDlFdjOeOT6:ISQNDRZhXWjkn8Nl2t8I/GDlrjH

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.102.170.34

31.210.20.149

212.192.241.16

203.159.80.49

Attributes

url_path
/software.php

/software.php

Targets

- Target
  
  JaffaCakes118_c55dd4d6042d6f0fda543db343e89f5dbf8c4d81d4a61a06c29e5570ed2bf9b3
- Size
  
  373KB
- MD5
  
  172cb88484c0f357f9785291815c062b
- SHA1
  
  5e09513aa4303b1cfe6141d0db04d1c59af38c3c
- SHA256
  
  c55dd4d6042d6f0fda543db343e89f5dbf8c4d81d4a61a06c29e5570ed2bf9b3
- SHA512
  
  f1ea7d8b4c28edf8f491d5ce3b51b2d4736d5fa3b063d9a5f3e38e00bb7babe584860d81b6679b67393e951d79e94cc6fbcfcaa9274ec32c8f0c14d35bbf8e88
- SSDEEP
  
  6144:O2SnSOVGOxbGUkARZIiZdWjknixFN/wh82BWPQl3C93P5e/85IqTDlFdjOeOT6:ISQNDRZhXWjkn8Nl2t8I/GDlrjH
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader