gcleaner | e78e62c7c108476b3cb0ed8cf1d96ed6d818ee6f010fa865928313a41a8078f7 | Triage

Sharing

General

Target

e78e62c7c108476b3cb0ed8cf1d96ed6d818ee6f010fa865928313a41a8078f7
Size

2.5MB
Sample

250107-fext2axjcr
MD5

cffb9cec97e796391da01316a5e5b20c
SHA1

b15d13d53db614aeb994fb6de0f299fa0b7dce2b
SHA256

e78e62c7c108476b3cb0ed8cf1d96ed6d818ee6f010fa865928313a41a8078f7
SHA512

fb1755a4d185a355d53c77963adae9771711ae687d36acd4f5a55437a3b7caeaa5ce3704ebbfe3149ec37a01e121f5a490c1690b94616f77d0bcdd6d9d62f076
SSDEEP

24576:Dhjsac/nrl8K08qpbo6UyVtk2Fl0daDtphPQCDcZT5ftl12vb08EM8:Dh4PWVy7uwDsvIN

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.106.156

37.139.129.24

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Targets

- Target
  
  e78e62c7c108476b3cb0ed8cf1d96ed6d818ee6f010fa865928313a41a8078f7
- Size
  
  2.5MB
- MD5
  
  cffb9cec97e796391da01316a5e5b20c
- SHA1
  
  b15d13d53db614aeb994fb6de0f299fa0b7dce2b
- SHA256
  
  e78e62c7c108476b3cb0ed8cf1d96ed6d818ee6f010fa865928313a41a8078f7
- SHA512
  
  fb1755a4d185a355d53c77963adae9771711ae687d36acd4f5a55437a3b7caeaa5ce3704ebbfe3149ec37a01e121f5a490c1690b94616f77d0bcdd6d9d62f076
- SSDEEP
  
  24576:Dhjsac/nrl8K08qpbo6UyVtk2Fl0daDtphPQCDcZT5ftl12vb08EM8:Dh4PWVy7uwDsvIN
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader