onlylogger | 2056-317-0x0000000000400000-0x00000000016D5000-memory[.]dmp | Triage

Sharing

General

Target

2056-317-0x0000000000400000-0x00000000016D5000-memory.dmp
Size

5.6MB
MD5

cb067e33cdc75927b52e3df90fb8f74a
SHA1

7a010ff3b0487ae144088e085b4aa52b389a0b5f
SHA256

2608bb5098b1e32536942f1437985496304f347788a9850642ebe7bd24c17960
SHA512

4d51e923ed4111e0c4683168c3c7c771ea8385ea6152a22ba73d9d368faded571c63519118ad7dff43ee2d8d3e2264aeb2d6b9bf8df95ccb3329c53b6e2b8114
SSDEEP

12288:4QKrXIVtC/pj+yYSut/4NwN9l3JDzZL6xR:mro4U9NJ/ZL6x

Score

10^/10

onlylogger gcleaner

Malware Config

Extracted

Family

gcleaner

C2

ppp-gl.biz

45.9.20.13

Signatures

Gcleaner family
gcleaner

OnlyLogger payload 1 IoCs

resource	yara_rule
sample	family_onlylogger

Onlylogger family
onlylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2056-317-0x0000000000400000-0x00000000016D5000-memory.dmp

Files

2056-317-0x0000000000400000-0x00000000016D5000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ