gcleaner | 4eab6e8b3e7bf91ab9d323935715298a04def2f07bc0209d0b2b95fef220fb21

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 17:37

Target

ffceaff232f2e205e1dbba7197a28a9a_JaffaCakes118.exe
Size

279KB
MD5

ffceaff232f2e205e1dbba7197a28a9a
SHA1

f803f4e45d7762b5b383792eeb8f0246ba136a6a
SHA256

4eab6e8b3e7bf91ab9d323935715298a04def2f07bc0209d0b2b95fef220fb21
SHA512

35bad1e25e4dabb8d062330ed7ffb649eff15f9244e1f0044c81369f79c318d34ad24ea25b18b97f118b2782acf97d2f491ef5587458855a4990ceea43ff584c
SSDEEP

6144:WCIaFPby7cvOOK9qGGxhFCJiS+4TKfBECyVMzcc0g:75by7cv89qGGbM4x4TKfBECoB

Score

10^/10

Family

gcleaner

194.145.227.161

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
loader onlylogger

OnlyLogger payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3024-2-0x0000000000220000-0x000000000024F000-memory.dmp	family_onlylogger
behavioral1/memory/3024-3-0x0000000000400000-0x0000000002B51000-memory.dmp	family_onlylogger
behavioral1/memory/3024-4-0x0000000000400000-0x0000000002B51000-memory.dmp	family_onlylogger

C:\Users\Admin\AppData\Local\Temp\ffceaff232f2e205e1dbba7197a28a9a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ffceaff232f2e205e1dbba7197a28a9a_JaffaCakes118.exe"
1⤵
PID:3024

memory/3024-1-0x0000000002C40000-0x0000000002D40000-memory.dmp

Filesize
1024KB

Download
memory/3024-2-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/3024-3-0x0000000000400000-0x0000000002B51000-memory.dmp

Filesize
39.3MB

Download
memory/3024-4-0x0000000000400000-0x0000000002B51000-memory.dmp

Filesize
39.3MB

Download
memory/3024-6-0x0000000002C40000-0x0000000002D40000-memory.dmp

Filesize
1024KB

Download