gcleaner | 0bff5a3e56f8b775e3c30ef19868bb42e612981336191ee1fdbb333fe156c1b4 | Triage

Sharing

General

Target

0bff5a3e56f8b775e3c30ef19868bb42e612981336191ee1fdbb333fe156c1b4
Size

1.8MB
Sample

250222-n63tcswmam
MD5

f39f9c8fad7e3d2dc5918e3581a0676e
SHA1

d5d306a14f7cf9d57b79d8a67f82ab285df63d19
SHA256

0bff5a3e56f8b775e3c30ef19868bb42e612981336191ee1fdbb333fe156c1b4
SHA512

d1b7e239bbeabb339e477b2fdac0d5749ac4da6eee1068439aed1052dfe580a5c4cbcb20b3a60a58cbecbc1a40406e9340807f7c7c89a77184404e75a06e9593
SSDEEP

24576:HI8+tQayGWHPApPoXDIDauxXRhezuXtj6sD+QGR4aWR1:vwQayG0EbxXSCsW+

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

85.31.45.39

85.31.45.250

85.31.45.251

85.31.45.88

Attributes

url_path
/b.php

/d.php

/d.php

Targets

- Target
  
  0bff5a3e56f8b775e3c30ef19868bb42e612981336191ee1fdbb333fe156c1b4
- Size
  
  1.8MB
- MD5
  
  f39f9c8fad7e3d2dc5918e3581a0676e
- SHA1
  
  d5d306a14f7cf9d57b79d8a67f82ab285df63d19
- SHA256
  
  0bff5a3e56f8b775e3c30ef19868bb42e612981336191ee1fdbb333fe156c1b4
- SHA512
  
  d1b7e239bbeabb339e477b2fdac0d5749ac4da6eee1068439aed1052dfe580a5c4cbcb20b3a60a58cbecbc1a40406e9340807f7c7c89a77184404e75a06e9593
- SSDEEP
  
  24576:HI8+tQayGWHPApPoXDIDauxXRhezuXtj6sD+QGR4aWR1:vwQayG0EbxXSCsW+
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader