gcleaner | 5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b | Triage

Submit
Reports

Overview

overview

Static

static

3

084867eab2...7a.exe

windows7-x64

084867eab2...7a.exe

windows10-1703-x64

084867eab2...7a.exe

windows10-2004-x64

084867eab2...7a.exe

windows11-21h2-x64

Resubmissions

07-01-2024 18:07

240107-wqhr9abfcn 10

15-01-2022 08:40

220115-kkxhnsdham 10

Sharing

General

Target

084867eab2023c445721b0cd205ce47a.exe
Size

419KB
Sample

240107-wqhr9abfcn
MD5

084867eab2023c445721b0cd205ce47a
SHA1

0f465ee53425b4c9a963f6ecfe1119840fa810d7
SHA256

5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b
SHA512

58ec053935a7d8e2f206f3ecf76ab575dcf95736f1f23c2b8944ff4e5c31b3f6faaef20cd959a8206003c298e82770f456261a3122f815dd6347f08dd1992c3c
SSDEEP

6144:pryICqvsNS64vmvH3uSlMe1DjJY4aUWXCZnMDHzfA2PjdlIJfD0:pryIC2SHhMexi48y1MDTfA2dlq

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

084867eab2023c445721b0cd205ce47a.exe

Resource

win7-20231215-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

084867eab2023c445721b0cd205ce47a.exe

Resource

win10-20231220-en

gcleaner onlylogger loader

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

084867eab2023c445721b0cd205ce47a.exe

Resource

win10v2004-20231215-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

084867eab2023c445721b0cd205ce47a.exe

Resource

win11-20231222-en

gcleaner onlylogger loader

windows11-21h2-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

web-stat.biz

privatevolume.bi

Targets

- Target
  
  084867eab2023c445721b0cd205ce47a.exe
- Size
  
  419KB
- MD5
  
  084867eab2023c445721b0cd205ce47a
- SHA1
  
  0f465ee53425b4c9a963f6ecfe1119840fa810d7
- SHA256
  
  5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b
- SHA512
  
  58ec053935a7d8e2f206f3ecf76ab575dcf95736f1f23c2b8944ff4e5c31b3f6faaef20cd959a8206003c298e82770f456261a3122f815dd6347f08dd1992c3c
- SSDEEP
  
  6144:pryICqvsNS64vmvH3uSlMe1DjJY4aUWXCZnMDHzfA2PjdlIJfD0:pryIC2SHhMexi48y1MDTfA2dlq
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

behavioral3

gcleaneronlyloggerloader

behavioral4

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy