gcleaner | 6b057b128b1429ba9438f1101fd00d68171940538d47fe959831a8cc97165c67 | Triage

Submit
Reports

Overview

overview

Static

static

3

c6bc7c434f...18.exe

windows7-x64

c6bc7c434f...18.exe

windows10-2004-x64

Sharing

General

Target

c6bc7c434fe8b83b3de3c7ca08118cc2_JaffaCakes118
Size

424KB
Sample

240405-bh7fesfg8s
MD5

c6bc7c434fe8b83b3de3c7ca08118cc2
SHA1

54b15634573558745e4c2d91ac6c0d6a271c1b1c
SHA256

6b057b128b1429ba9438f1101fd00d68171940538d47fe959831a8cc97165c67
SHA512

50f3f8ddfc06286acb332d7ac88ef4923d9247df889126508cb2fcee9e6b3e38a8b97822d91f4d52ed783d3282fb2da28f0c2a7882299e02d3659c8bcccefd75
SSDEEP

6144:RhICu62ubK3N4MA5YYY6YYSUsSlXkjYQAZwFjefjjEtdUsL3r:miTuisSFkjYQA2FEjEtd

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6bc7c434fe8b83b3de3c7ca08118cc2_JaffaCakes118.exe

Resource

win7-20231129-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6bc7c434fe8b83b3de3c7ca08118cc2_JaffaCakes118.exe

Resource

win10v2004-20231215-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

ggg-cl.biz

45.9.20.13

Targets

- Target
  
  c6bc7c434fe8b83b3de3c7ca08118cc2_JaffaCakes118
- Size
  
  424KB
- MD5
  
  c6bc7c434fe8b83b3de3c7ca08118cc2
- SHA1
  
  54b15634573558745e4c2d91ac6c0d6a271c1b1c
- SHA256
  
  6b057b128b1429ba9438f1101fd00d68171940538d47fe959831a8cc97165c67
- SHA512
  
  50f3f8ddfc06286acb332d7ac88ef4923d9247df889126508cb2fcee9e6b3e38a8b97822d91f4d52ed783d3282fb2da28f0c2a7882299e02d3659c8bcccefd75
- SSDEEP
  
  6144:RhICu62ubK3N4MA5YYY6YYSUsSlXkjYQAZwFjefjjEtdUsL3r:miTuisSFkjYQA2FEjEtd
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2025

Terms | Privacy