gcleaner | e0281b8910b0ad9b66f6fc079fe15733ffc9e62a077b5d81ee7b19c883572a1d

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 21:14

Target

e0281b8910b0ad9b66f6fc079fe15733ffc9e62a077b5d81ee7b19c883572a1d.exe
Size

235KB
MD5

6482436e59beda262fd220ad9dbcf440
SHA1

0777cf0193299bd1ca60d28c9c6c8ec95e9da486
SHA256

e0281b8910b0ad9b66f6fc079fe15733ffc9e62a077b5d81ee7b19c883572a1d
SHA512

8764d42c767e734c89769b604f00cbdbecc826547fd241b3f6b74640d1f3ecf892cf10eb4477b484d491ddb3c26009528fa0624af42b89f34e79b88784421df4
SSDEEP

3072:90fc1W4Mb8zjmuYg90zH5cr21X1b3wY0zqc6wo7xkISjqHuiYvIFfjL7FT5/FP73:91kb8VY0sJyq+8zSjP0F7

Score

10^/10

Family

gcleaner

gcleaner.pro

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/968-56-0x0000000000220000-0x000000000024E000-memory.dmp	family_onlylogger
behavioral1/memory/968-57-0x0000000000400000-0x0000000000835000-memory.dmp	family_onlylogger

C:\Users\Admin\AppData\Local\Temp\e0281b8910b0ad9b66f6fc079fe15733ffc9e62a077b5d81ee7b19c883572a1d.exe
"C:\Users\Admin\AppData\Local\Temp\e0281b8910b0ad9b66f6fc079fe15733ffc9e62a077b5d81ee7b19c883572a1d.exe"
1⤵
PID:968

memory/968-54-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download
memory/968-56-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/968-55-0x0000000000A1A000-0x0000000000A35000-memory.dmp

Filesize
108KB

Download
memory/968-57-0x0000000000400000-0x0000000000835000-memory.dmp

Filesize
4.2MB

Download