gcleaner | 359a3ccc5a063f89d20d6f0f27b3eb7bf568bcb5a14abc374544d58bb738feaa | Triage

Sharing

General

Target

359a3ccc5a063f89d20d6f0f27b3eb7bf568bcb5a14abc374544d58bb738feaa
Size

1.6MB
Sample

250118-jaq3gawqg1
MD5

be41a6b0b91b711b0d767d617245e71a
SHA1

0ba48b261c136f00801ae939bcd18ad438c01a51
SHA256

359a3ccc5a063f89d20d6f0f27b3eb7bf568bcb5a14abc374544d58bb738feaa
SHA512

fc1005b3315a9f0b98ae05d9bbe15625f1603ba08dcc44d5a60de5f826ffe4a7a85a353a4598aad639489833d9cc3c534707f47e3877922ac912aafb2eb52347
SSDEEP

24576:xyPVj3PlTBjaLZpNppa2euXkeP1vPvolfP:xM39TBjaLZpjXaVP

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

url_path
/x.php

/soft.php

/soft.php

Targets

- Target
  
  359a3ccc5a063f89d20d6f0f27b3eb7bf568bcb5a14abc374544d58bb738feaa
- Size
  
  1.6MB
- MD5
  
  be41a6b0b91b711b0d767d617245e71a
- SHA1
  
  0ba48b261c136f00801ae939bcd18ad438c01a51
- SHA256
  
  359a3ccc5a063f89d20d6f0f27b3eb7bf568bcb5a14abc374544d58bb738feaa
- SHA512
  
  fc1005b3315a9f0b98ae05d9bbe15625f1603ba08dcc44d5a60de5f826ffe4a7a85a353a4598aad639489833d9cc3c534707f47e3877922ac912aafb2eb52347
- SSDEEP
  
  24576:xyPVj3PlTBjaLZpNppa2euXkeP1vPvolfP:xM39TBjaLZpjXaVP
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader