gcleaner | 48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64 | Triage

Sharing

General

Target

48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64
Size

2.9MB
Sample

250107-nwezjszlas
MD5

f212366ef83f5e89633e3b1aac35ea7f
SHA1

9b56c070be542fdd893e3de35c8a476ae255979a
SHA256

48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64
SHA512

acf6c21a0d495c00e9ec1c47fa3b32ecde55becf4d179b95f298b5aafdb19addcd615054768a2efbffb66cdfb058cc80789d15036673e01675a2f91f57539e69
SSDEEP

24576:dC7ZkEgvMZL0YodapBz6pNshfSdF+Ms2haFPlURSDoAHq62UTFm6SzGEfN+B4FB:s9CyL0cPfSeVlJvKWp3S/lBf

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

208.67.106.156

37.139.129.24

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Targets

- Target
  
  48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64
- Size
  
  2.9MB
- MD5
  
  f212366ef83f5e89633e3b1aac35ea7f
- SHA1
  
  9b56c070be542fdd893e3de35c8a476ae255979a
- SHA256
  
  48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64
- SHA512
  
  acf6c21a0d495c00e9ec1c47fa3b32ecde55becf4d179b95f298b5aafdb19addcd615054768a2efbffb66cdfb058cc80789d15036673e01675a2f91f57539e69
- SSDEEP
  
  24576:dC7ZkEgvMZL0YodapBz6pNshfSdF+Ms2haFPlURSDoAHq62UTFm6SzGEfN+B4FB:s9CyL0cPfSeVlJvKWp3S/lBf
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader