gcleaner | 4a0e6f1d1dd0d87ed4c9ff33325861abc4c99e92da1475883fe546db9b354494 | Triage

Sharing

General

Target

4a0e6f1d1dd0d87ed4c9ff33325861abc4c99e92da1475883fe546db9b354494
Size

1.4MB
Sample

250120-jvlngszjg1
MD5

294c47c383c2f9e2bd3fca5b7de6fc71
SHA1

6592c9f3c7fe94272ed3ccdb8ea9d40f7e7d7e8f
SHA256

4a0e6f1d1dd0d87ed4c9ff33325861abc4c99e92da1475883fe546db9b354494
SHA512

e2cc1fa48a2b5d61e498ab6d03ec89d3f87e897a48ff40c7ae9e6e356e0a52c0d8c7cde247df11354309240278e21724842ccbf0d3ddcb75b273260e9b2bba5b
SSDEEP

24576:EmLqLCmmPlTyR2KOVtPwLNIGeY5micU08:EmLF39TDxzmms

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

url_path
/x.php

/soft.php

/soft.php

Targets

- Target
  
  4a0e6f1d1dd0d87ed4c9ff33325861abc4c99e92da1475883fe546db9b354494
- Size
  
  1.4MB
- MD5
  
  294c47c383c2f9e2bd3fca5b7de6fc71
- SHA1
  
  6592c9f3c7fe94272ed3ccdb8ea9d40f7e7d7e8f
- SHA256
  
  4a0e6f1d1dd0d87ed4c9ff33325861abc4c99e92da1475883fe546db9b354494
- SHA512
  
  e2cc1fa48a2b5d61e498ab6d03ec89d3f87e897a48ff40c7ae9e6e356e0a52c0d8c7cde247df11354309240278e21724842ccbf0d3ddcb75b273260e9b2bba5b
- SSDEEP
  
  24576:EmLqLCmmPlTyR2KOVtPwLNIGeY5micU08:EmLF39TDxzmms
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader