gcleaner | 0c74e11941b9491d6b79d33b2f1455cf3cfca0942674d72f13eed8ab1c5856df | Triage

Sharing

General

Target

0c74e11941b9491d6b79d33b2f1455cf3cfca0942674d72f13eed8ab1c5856df
Size

4.5MB
Sample

250105-hfcatsxqhq
MD5

6256eb5ea0401c346c4bc7af161cd909
SHA1

03bdc447f53b01b1c950a2a0cf06eaea8d70c17e
SHA256

0c74e11941b9491d6b79d33b2f1455cf3cfca0942674d72f13eed8ab1c5856df
SHA512

ccf80392c381e2db7b2adfc83c93dc9808dd995b300822639edaa779e2c217caf736669598ce37fa867bf24d53b05a9f4695745985d07b135acb2b2fce2666dc
SSDEEP

98304:4SYWE7cJZ+0dKL9mXnqOj8ySiZ5arqZJsASEwf:XeFr

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

url_path
/x.php

/soft.php

/soft.php

Targets

- Target
  
  0c74e11941b9491d6b79d33b2f1455cf3cfca0942674d72f13eed8ab1c5856df
- Size
  
  4.5MB
- MD5
  
  6256eb5ea0401c346c4bc7af161cd909
- SHA1
  
  03bdc447f53b01b1c950a2a0cf06eaea8d70c17e
- SHA256
  
  0c74e11941b9491d6b79d33b2f1455cf3cfca0942674d72f13eed8ab1c5856df
- SHA512
  
  ccf80392c381e2db7b2adfc83c93dc9808dd995b300822639edaa779e2c217caf736669598ce37fa867bf24d53b05a9f4695745985d07b135acb2b2fce2666dc
- SSDEEP
  
  98304:4SYWE7cJZ+0dKL9mXnqOj8ySiZ5arqZJsASEwf:XeFr
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader