ioc[.]one - OSINT Cyber Threat Intelligence Database

Deep Analysis of GCleaner

Tags

country:	Russia
attack-pattern:	Data Hardware - T1592.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	693634a0-6672-442d-914a-de6fb47c027e
Fingerprint	8e442c80ef3d4694
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 15, 2023, midnight
Added to db	Aug. 31, 2024, 10:27 a.m.
Last updated	Nov. 17, 2024, 6:30 p.m.
Headline	Deep Analysis of GCleaner
Title	Deep Analysis of GCleaner
Detected Hints/Tags/Attributes	45/2/14

Source URLs

	Redirection	Url
Details	Source	https://n1ght-w0lf.github.io/malware%20analysis/gcleaner-loader/

URL Provider

Details	Provider	Source level domain
Details	github.io	n1ght-w0lf.github.io

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	472	✔	n1ghtw0lf	https://n1ght-w0lf.github.io/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	71		aes.new
Details	File	2		dll.php
Details	File	16		plus.php
Details	File	2		stuk.php
Details	File	2		puk.php
Details	File	1		34lmaylzs6fixf.exe
Details	File	15		out.bin
Details	File	8		page.url
Details	sha256	1		020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b
Details	sha256	1		73ed1926e850a9a076a8078932e76e1ac5f109581996dd007f00681ae4024baa
Details	IPv4	15		45.12.253.56
Details	IPv4	2		45.12.253.72
Details	IPv4	1		45.12.253.98
Details	IPv4	2		45.12.253.75