gcleaner | 4d04f5f44c21f9ccda28433bddea30ce2fba7a548d7d40a46332e0d2b70079d0 | Triage

Submit
Reports

Overview

overview

Static

static

3

2825328609...9a.exe

windows7-x64

2825328609...9a.exe

windows10-2004-x64

Sharing

General

Target

28253286098972f1fe91412ef99a759a
Size

5.9MB
Sample

231231-e3pynadec3
MD5

28253286098972f1fe91412ef99a759a
SHA1

c5f51069a3f9270d79bacff246b0ca86887b98c6
SHA256

4d04f5f44c21f9ccda28433bddea30ce2fba7a548d7d40a46332e0d2b70079d0
SHA512

6373384150ec0dcf916d776a09a900092ff95a3f47e10684a8b43bbd200e2817ec6d89eb7e2da0dfac64a4535acda26b101b97d580ae4d8199cbe89c75b5bd29
SSDEEP

98304:RohD0nge1EtzppRfNAlG9H3bZGjiwwRk7v:RohrgEpBNAlwH3siwwab

Score

10^/10

gcleaner onlylogger socelars xmrig loader miner stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28253286098972f1fe91412ef99a759a.exe

Resource

win7-20231215-en

gcleaner onlylogger socelars loader stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

28253286098972f1fe91412ef99a759a.exe

Resource

win10v2004-20231215-en

gcleaner onlylogger xmrig loader miner

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

- Target
  
  28253286098972f1fe91412ef99a759a
- Size
  
  5.9MB
- MD5
  
  28253286098972f1fe91412ef99a759a
- SHA1
  
  c5f51069a3f9270d79bacff246b0ca86887b98c6
- SHA256
  
  4d04f5f44c21f9ccda28433bddea30ce2fba7a548d7d40a46332e0d2b70079d0
- SHA512
  
  6373384150ec0dcf916d776a09a900092ff95a3f47e10684a8b43bbd200e2817ec6d89eb7e2da0dfac64a4535acda26b101b97d580ae4d8199cbe89c75b5bd29
- SSDEEP
  
  98304:RohD0nge1EtzppRfNAlG9H3bZGjiwwRk7v:RohrgEpBNAlwH3siwwab
Score

10^/10

gcleaner onlylogger socelars loader stealer xmrig miner
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Socelars
  Socelars is an infostealer targeting browser cookies and credit card credentials.
  stealer socelars
- Socelars payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- OnlyLogger payload
- XMRig Miner payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggersocelarsloaderstealer

behavioral2

gcleaneronlyloggerxmrigloaderminer

© 2018-2025

Terms | Privacy