gcleaner | fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5 | Triage

Submit
Reports

Overview

overview

Static

static

fd75b25ea6...f5.exe

windows7-x64

fd75b25ea6...f5.exe

windows10-2004-x64

Sharing

General

Target

fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5
Size

395KB
Sample

230129-yljvvsbd97
MD5

dd3b8b0969a3ef939f1350e9a02a38c7
SHA1

23df66662002809cc67dbd70fc373f9e63c0adfd
SHA256

fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5
SHA512

0114061dacd43ac82101f3c8c0a3a69610482f40db6505aa27d99079864d88e22d0361ed010fc951c6662bf09a2292f37240c511fdaaa0ca099893e2740562ff
SSDEEP

6144:W2hXN/ZA2D1rJyVQQJbQ2ZI2bBY0LR7WxGo3LoHyH73jlyWt7yyt:Vq41rJyV3bQ25bGaJW4eWObjgY7

Score

10^/10

gcleaner onlylogger loader

Static task

static1

Behavioral task

behavioral1

Sample

fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5.exe

Resource

win7-20221111-en

gcleaner onlylogger loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5.exe

Resource

win10v2004-20220901-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcleaner.pro

Targets

- Target
  
  fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5
- Size
  
  395KB
- MD5
  
  dd3b8b0969a3ef939f1350e9a02a38c7
- SHA1
  
  23df66662002809cc67dbd70fc373f9e63c0adfd
- SHA256
  
  fd75b25ea68423358eeec4ec1d9c977803055c4dcea27cb8ba2522e8367e81f5
- SHA512
  
  0114061dacd43ac82101f3c8c0a3a69610482f40db6505aa27d99079864d88e22d0361ed010fc951c6662bf09a2292f37240c511fdaaa0ca099893e2740562ff
- SSDEEP
  
  6144:W2hXN/ZA2D1rJyVQQJbQ2ZI2bBY0LR7WxGo3LoHyH73jlyWt7yyt:Vq41rJyV3bQ25bGaJW4eWObjgY7
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy