gcleaner | 5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b

Resubmissions

07-01-2024 18:07

15-01-2022 08:40

max time kernel
88s
max time network
99s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2024 18:07

Target

084867eab2023c445721b0cd205ce47a.exe
Size

419KB
MD5

084867eab2023c445721b0cd205ce47a
SHA1

0f465ee53425b4c9a963f6ecfe1119840fa810d7
SHA256

5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b
SHA512

58ec053935a7d8e2f206f3ecf76ab575dcf95736f1f23c2b8944ff4e5c31b3f6faaef20cd959a8206003c298e82770f456261a3122f815dd6347f08dd1992c3c
SSDEEP

6144:pryICqvsNS64vmvH3uSlMe1DjJY4aUWXCZnMDHzfA2PjdlIJfD0:pryIC2SHhMexi48y1MDTfA2dlq

Score

10^/10

Family

gcleaner

web-stat.biz

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 1 IoCs

Processes:

resource	yara_rule
behavioral4/memory/2248-2-0x0000000000AD0000-0x0000000000B1C000-memory.dmp	family_onlylogger

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2024 2248 WerFault.exe 084867eab2023c445721b0cd205ce47a.exe

pid	pid_target	process	target process
2024	2248	WerFault.exe	084867eab2023c445721b0cd205ce47a.exe

C:\Users\Admin\AppData\Local\Temp\084867eab2023c445721b0cd205ce47a.exe
"C:\Users\Admin\AppData\Local\Temp\084867eab2023c445721b0cd205ce47a.exe"
1⤵
PID:2248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 264
  2⤵
  - Program crash
  PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2248 -ip 2248
1⤵
PID:3096

memory/2248-1-0x0000000000600000-0x0000000000700000-memory.dmp

Filesize
1024KB

Download
memory/2248-2-0x0000000000AD0000-0x0000000000B1C000-memory.dmp

Filesize
304KB

Download