gcleaner | af1404be2c159b04cf8ce107278e4ae2cd4c95c3139b40976785a18d0c10fc0c | Triage

Submit
Reports

Overview

overview

Static

static

3

d78925dc96...a6.exe

windows7-x64

d78925dc96...a6.exe

windows10-2004-x64

Sharing

General

Target

d78925dc962367ff8e647535ccef60a6
Size

369KB
Sample

240320-bgzdesch56
MD5

d78925dc962367ff8e647535ccef60a6
SHA1

8c03bf0fdde79177660ac7e2e1fd152a05b3baa0
SHA256

af1404be2c159b04cf8ce107278e4ae2cd4c95c3139b40976785a18d0c10fc0c
SHA512

6dd809b44b541573df5f153289a6b76bc5d7fc08cb9098347dd33139c399c79dcf5a059c1109aa5ae52b74886a9692012d1e40e26122dbf4a57d97dee474f694
SSDEEP

6144:kqQtyEy0HMztH49+hLzOKp++A1EBjBR+w9SxDHhx2xbVuAhz/OCsYiSMfUiznz:Ytfy0HMztXhLzLA+ywNA98x4AhbO9Yir

Score

10^/10

gcleaner onlylogger vidar loader stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d78925dc962367ff8e647535ccef60a6.exe

Resource

win7-20240220-en

gcleaner onlylogger vidar loader stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d78925dc962367ff8e647535ccef60a6.exe

Resource

win10v2004-20240319-en

gcleaner onlylogger vidar loader stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

- Target
  
  d78925dc962367ff8e647535ccef60a6
- Size
  
  369KB
- MD5
  
  d78925dc962367ff8e647535ccef60a6
- SHA1
  
  8c03bf0fdde79177660ac7e2e1fd152a05b3baa0
- SHA256
  
  af1404be2c159b04cf8ce107278e4ae2cd4c95c3139b40976785a18d0c10fc0c
- SHA512
  
  6dd809b44b541573df5f153289a6b76bc5d7fc08cb9098347dd33139c399c79dcf5a059c1109aa5ae52b74886a9692012d1e40e26122dbf4a57d97dee474f694
- SSDEEP
  
  6144:kqQtyEy0HMztH49+hLzOKp++A1EBjBR+w9SxDHhx2xbVuAhz/OCsYiSMfUiznz:Ytfy0HMztXhLzLA+ywNA98x4AhbO9Yir
Score

10^/10

gcleaner onlylogger vidar loader stealer
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleaneronlyloggervidarloaderstealer

behavioral2

gcleaneronlyloggervidarloaderstealer

© 2018-2024

Terms | Privacy