gcleaner | 4ce6cd07bcac1f637e4b5202c91957d3b3d0f77c19dbe53e0ef30f7baf766f39 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2af5a00d00...18.exe

windows7-x64

2af5a00d00...18.exe

windows10-2004-x64

Sharing

General

Target

2af5a00d00befdcbc1a04d8a993ddfeb_JaffaCakes118
Size

227KB
Sample

240509-vhe6qaff93
MD5

2af5a00d00befdcbc1a04d8a993ddfeb
SHA1

838211204c6a17149aa027882d4be61c4b29ce33
SHA256

4ce6cd07bcac1f637e4b5202c91957d3b3d0f77c19dbe53e0ef30f7baf766f39
SHA512

866efcf751fe16d1607a17d16248b9bf68127f455a90c485628d7d45fce7155b705b38882e6bad83c9c926b5fad3189914e08312aa775b481678daf5dd5fc97b
SSDEEP

6144:/XPJatRoWtse+j/NZTEO4qyEKI7NvS/LBDqB54XB:JMWWtx8jrBNKlD64XB

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2af5a00d00befdcbc1a04d8a993ddfeb_JaffaCakes118.exe

Resource

win7-20240221-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2af5a00d00befdcbc1a04d8a993ddfeb_JaffaCakes118.exe

Resource

win10v2004-20240508-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gc-partners.in

Targets

- Target
  
  2af5a00d00befdcbc1a04d8a993ddfeb_JaffaCakes118
- Size
  
  227KB
- MD5
  
  2af5a00d00befdcbc1a04d8a993ddfeb
- SHA1
  
  838211204c6a17149aa027882d4be61c4b29ce33
- SHA256
  
  4ce6cd07bcac1f637e4b5202c91957d3b3d0f77c19dbe53e0ef30f7baf766f39
- SHA512
  
  866efcf751fe16d1607a17d16248b9bf68127f455a90c485628d7d45fce7155b705b38882e6bad83c9c926b5fad3189914e08312aa775b481678daf5dd5fc97b
- SSDEEP
  
  6144:/XPJatRoWtse+j/NZTEO4qyEKI7NvS/LBDqB54XB:JMWWtx8jrBNKlD64XB
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2025

Terms | Privacy