gcleaner | 1175ebdd0113fd93eadaa2bf5b3633981e4b9606ee52b8dccff2a3ef9dce297b | Triage

Submit
Reports

Overview

overview

Static

static

3

fa586e99c8...18.exe

windows7-x64

fa586e99c8...18.exe

windows10-2004-x64

Sharing

General

Target

fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118
Size

351KB
Sample

240419-p77dlsda78
MD5

fa586e99c8ab70b0cabafd3590ba3048
SHA1

afb14e3bf00bdf57e2c321e34cf00b45fbad830a
SHA256

1175ebdd0113fd93eadaa2bf5b3633981e4b9606ee52b8dccff2a3ef9dce297b
SHA512

af657e8309d76b62d517da0d91e4885a2ba0f1816ad5e70f4291124027b346ab8d69874c8ed57ed570d4ebe4849e0cc5a2495bc6829ae88eafa1ae297dbde440
SSDEEP

6144:VRp0rKNJkQ2vwzkIIZwpfGQJCyr3tN/dwcn45zfKGSmkbsf0+qouPZX:ZkKnkQ2v5IIxQJTGc4zKGSaR5uxX

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118.exe

Resource

win7-20240220-en

gcleaner onlylogger discovery loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118.exe

Resource

win10v2004-20240412-en

gcleaner onlylogger loader

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa586e99c8ab70b0cabafd3590ba3048_JaffaCakes118
- Size
  
  351KB
- MD5
  
  fa586e99c8ab70b0cabafd3590ba3048
- SHA1
  
  afb14e3bf00bdf57e2c321e34cf00b45fbad830a
- SHA256
  
  1175ebdd0113fd93eadaa2bf5b3633981e4b9606ee52b8dccff2a3ef9dce297b
- SHA512
  
  af657e8309d76b62d517da0d91e4885a2ba0f1816ad5e70f4291124027b346ab8d69874c8ed57ed570d4ebe4849e0cc5a2495bc6829ae88eafa1ae297dbde440
- SSDEEP
  
  6144:VRp0rKNJkQ2vwzkIIZwpfGQJCyr3tN/dwcn45zfKGSmkbsf0+qouPZX:ZkKnkQ2v5IIxQJTGc4zKGSaR5uxX
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy