gcleaner | d1a299c8b89530ee091ceeb89c172bdd9317816825b68926b0e368714e74d27f

Resubmissions

07-01-2024 18:07

16-01-2022 12:55

max time kernel
88s
max time network
91s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2024 18:07

Target

57620fe23fe46b9b50f5ec40bdc6b8fa.exe
Size

419KB
MD5

57620fe23fe46b9b50f5ec40bdc6b8fa
SHA1

fe38a4e6d66ad1cc621ea39e3d344d1fcd6227d2
SHA256

d1a299c8b89530ee091ceeb89c172bdd9317816825b68926b0e368714e74d27f
SHA512

671cd11456cc62533acfd62693db39488aa8964db4f4b4729ec1305b8b5550798bd1eae4107957eb5bc1b29d6023c8f28b0f33ccaf21a2b7169e5bf49125f1a3
SSDEEP

6144:1qH4z36C4T4+vJSMo6NH3IuMcWml++Em3aH5WO7qxCico7BEn8Zr1:1q5C64eGuMcWO+o3GzexCoyn85

Score

10^/10

Family

gcleaner

web-stat.biz

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 1 IoCs

Processes:

resource	yara_rule
behavioral4/memory/2332-2-0x00000000023C0000-0x000000000240C000-memory.dmp	family_onlylogger

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

572 2332 WerFault.exe 57620fe23fe46b9b50f5ec40bdc6b8fa.exe

pid	pid_target	process	target process
572	2332	WerFault.exe	57620fe23fe46b9b50f5ec40bdc6b8fa.exe

C:\Users\Admin\AppData\Local\Temp\57620fe23fe46b9b50f5ec40bdc6b8fa.exe
"C:\Users\Admin\AppData\Local\Temp\57620fe23fe46b9b50f5ec40bdc6b8fa.exe"
1⤵
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 300
2⤵
- Program crash
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2332 -ip 2332
1⤵
PID:3688

memory/2332-1-0x0000000000710000-0x0000000000810000-memory.dmp

Filesize
1024KB

Download
memory/2332-2-0x00000000023C0000-0x000000000240C000-memory.dmp

Filesize
304KB

Download