gcleaner | 608a5954935126b23854dccb0e9dccecac05692bddb60e40e1fa0e7e4a7da9ae | Triage

Submit
Reports

Overview

overview

Static

static

3

e326ac87b2...18.exe

windows7-x64

e326ac87b2...18.exe

windows10-2004-x64

Sharing

General

Target

e326ac87b2d6ae4807f0d680f6dfa0ac_JaffaCakes118
Size

256KB
Sample

240406-ylj6maab63
MD5

e326ac87b2d6ae4807f0d680f6dfa0ac
SHA1

1ef221e827869688acd583b726e66fbe6c009f5f
SHA256

608a5954935126b23854dccb0e9dccecac05692bddb60e40e1fa0e7e4a7da9ae
SHA512

f6556d856e2a3192d54e578be0c28138c95056a8fa94c627b5fb9140032ca3c71ebce0409cb1439b0779964fe3cc898c9c2ef56dacefb176b21060141993b3ed
SSDEEP

3072:YmL6RqdS1qngrr04pry208anopQNytUk3PgZhalO6Ryr8a4RO4mCZAQ:YmLfO04BY7NeUk3PMdnOROjCi

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e326ac87b2d6ae4807f0d680f6dfa0ac_JaffaCakes118.exe

Resource

win7-20231129-en

gcleaner onlylogger discovery loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

e326ac87b2d6ae4807f0d680f6dfa0ac_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gcleaner onlylogger loader

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  e326ac87b2d6ae4807f0d680f6dfa0ac_JaffaCakes118
- Size
  
  256KB
- MD5
  
  e326ac87b2d6ae4807f0d680f6dfa0ac
- SHA1
  
  1ef221e827869688acd583b726e66fbe6c009f5f
- SHA256
  
  608a5954935126b23854dccb0e9dccecac05692bddb60e40e1fa0e7e4a7da9ae
- SHA512
  
  f6556d856e2a3192d54e578be0c28138c95056a8fa94c627b5fb9140032ca3c71ebce0409cb1439b0779964fe3cc898c9c2ef56dacefb176b21060141993b3ed
- SSDEEP
  
  3072:YmL6RqdS1qngrr04pry208anopQNytUk3PgZhalO6Ryr8a4RO4mCZAQ:YmLfO04BY7NeUk3PMdnOROjCi
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy