gcleaner | bac663f2a8d3a67131c6098f1864cbdd03eacee21b66a20591980f01456cab30 | Triage

Submit
Reports

Overview

overview

Static

static

3

325ad9cb87...18.exe

windows7-x64

325ad9cb87...18.exe

windows10-2004-x64

Sharing

General

Target

325ad9cb87d12330e7fc94507282f799_JaffaCakes118
Size

249KB
Sample

240511-ddz7nahb9z
MD5

325ad9cb87d12330e7fc94507282f799
SHA1

7e34a218700dcfc430a631cf64c72e9f0d2d39f7
SHA256

bac663f2a8d3a67131c6098f1864cbdd03eacee21b66a20591980f01456cab30
SHA512

47e75f47147dc919e808f70182decee3c3ee25391ad4a9672dc4fac88dbc80e684e53beba9afdb7946b019a6a623ab1f6012cba9265a178da52724cfa333a5e4
SSDEEP

3072:T/rqmkcOfBKfyJHlfDrCz4lZv3tXzBJTUJhpxyDXcF04yp0X57+x:jdKwfyrDi4FzBJQtc0y2d+

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

325ad9cb87d12330e7fc94507282f799_JaffaCakes118.exe

Resource

win7-20231129-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

325ad9cb87d12330e7fc94507282f799_JaffaCakes118.exe

Resource

win10v2004-20240508-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gc-partners.in

Targets

- Target
  
  325ad9cb87d12330e7fc94507282f799_JaffaCakes118
- Size
  
  249KB
- MD5
  
  325ad9cb87d12330e7fc94507282f799
- SHA1
  
  7e34a218700dcfc430a631cf64c72e9f0d2d39f7
- SHA256
  
  bac663f2a8d3a67131c6098f1864cbdd03eacee21b66a20591980f01456cab30
- SHA512
  
  47e75f47147dc919e808f70182decee3c3ee25391ad4a9672dc4fac88dbc80e684e53beba9afdb7946b019a6a623ab1f6012cba9265a178da52724cfa333a5e4
- SSDEEP
  
  3072:T/rqmkcOfBKfyJHlfDrCz4lZv3tXzBJTUJhpxyDXcF04yp0X57+x:jdKwfyrDi4FzBJQtc0y2d+
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2025

Terms | Privacy