gcleaner | 5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b

Resubmissions

07/01/2024, 18:07 UTC

240107-wqhr9abfcn 10

15/01/2022, 08:40 UTC

220115-kkxhnsdham 10

Analysis

max time kernel
88s
max time network
99s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
07/01/2024, 18:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

084867eab2023c445721b0cd205ce47a.exe
Size

419KB
MD5

084867eab2023c445721b0cd205ce47a
SHA1

0f465ee53425b4c9a963f6ecfe1119840fa810d7
SHA256

5d9dc24f2de724f0921574f0589d39f79cbdd85cc817a6345267aa9aa9632a2b
SHA512

58ec053935a7d8e2f206f3ecf76ab575dcf95736f1f23c2b8944ff4e5c31b3f6faaef20cd959a8206003c298e82770f456261a3122f815dd6347f08dd1992c3c
SSDEEP

6144:pryICqvsNS64vmvH3uSlMe1DjJY4aUWXCZnMDHzfA2PjdlIJfD0:pryIC2SHhMexi48y1MDTfA2dlq

Score

10^/10

gcleaner onlylogger loader

Malware Config

Extracted

Family

gcleaner

web-stat.biz

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 1 IoCs

resource	yara_rule
behavioral4/memory/2248-2-0x0000000000AD0000-0x0000000000B1C000-memory.dmp	family_onlylogger

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2024	2248	WerFault.exe	78

C:\Users\Admin\AppData\Local\Temp\084867eab2023c445721b0cd205ce47a.exe
"C:\Users\Admin\AppData\Local\Temp\084867eab2023c445721b0cd205ce47a.exe"
1⤵
PID:2248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 264
  2⤵
  - Program crash
  PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2248 -ip 2248
1⤵
PID:3096

Network

DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response

52.111.243.31:443

322 B
7

8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-1-0x0000000000600000-0x0000000000700000-memory.dmp

Filesize
1024KB

Download
memory/2248-2-0x0000000000AD0000-0x0000000000B1C000-memory.dmp

Filesize
304KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.