gcleaner | f7f7c01729574811e2a4e5c97beebbc1167b41050bc8bf86df72c47b33fb4e74 | Triage

Submit
Reports

Overview

overview

Static

static

3

d0d4119491...5a.exe

windows7-x64

d0d4119491...5a.exe

windows10-2004-x64

Sharing

General

Target

d0d4119491bc24c9de6456efad90af5a
Size

362KB
Sample

240317-pavnjsea58
MD5

d0d4119491bc24c9de6456efad90af5a
SHA1

fd71a1ac303f987523cfcdc18b1e46f570b19870
SHA256

f7f7c01729574811e2a4e5c97beebbc1167b41050bc8bf86df72c47b33fb4e74
SHA512

72778773b3d81aeb85460f5944d8eadcab51f723a46ebd8eefb04870fae6fdebca029dfb08e0372837600dda04db59de4656a3e6a625eddafda63ec62a28a96a
SSDEEP

6144:i23kVFbeYRM0CwNTkXMzWmK8Aj9Bnj5t6Q+GgE73nPvg7:LgleYRM09Tk8zWmhSDFt6Qzzg

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d0d4119491bc24c9de6456efad90af5a.exe

Resource

win7-20240221-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0d4119491bc24c9de6456efad90af5a.exe

Resource

win10v2004-20240226-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

- Target
  
  d0d4119491bc24c9de6456efad90af5a
- Size
  
  362KB
- MD5
  
  d0d4119491bc24c9de6456efad90af5a
- SHA1
  
  fd71a1ac303f987523cfcdc18b1e46f570b19870
- SHA256
  
  f7f7c01729574811e2a4e5c97beebbc1167b41050bc8bf86df72c47b33fb4e74
- SHA512
  
  72778773b3d81aeb85460f5944d8eadcab51f723a46ebd8eefb04870fae6fdebca029dfb08e0372837600dda04db59de4656a3e6a625eddafda63ec62a28a96a
- SSDEEP
  
  6144:i23kVFbeYRM0CwNTkXMzWmK8Aj9Bnj5t6Q+GgE73nPvg7:LgleYRM09Tk8zWmhSDFt6Qzzg
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy