gcleaner | 3f70e988489df0e7eb8ff80460ad88e76464568113a451b8dd5bff16e39999c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

5cb1e75311...18.exe

windows7-x64

5cb1e75311...18.exe

windows10-2004-x64

Sharing

General

Target

5cb1e75311bd45338d7c3daff1d841f2_JaffaCakes118
Size

231KB
Sample

240520-ctjn6sfg9t
MD5

5cb1e75311bd45338d7c3daff1d841f2
SHA1

460b6a6a4231419e241b6c82143cf763695d9116
SHA256

3f70e988489df0e7eb8ff80460ad88e76464568113a451b8dd5bff16e39999c8
SHA512

96cdf98c78633319a3874f958a7c79944ecc9c6eb8e854df96503ebf645ecb391236f72312fa3bf61528997162c59b1ff5b5d3e9dc2949e2c5c7cc1954cce57d
SSDEEP

3072:9s9ACsqizZSKeysSle1FtGYkvDG0qG/0Bq3Vw7GiDA4h56e:e96blIEY6Jn/zeGi89

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5cb1e75311bd45338d7c3daff1d841f2_JaffaCakes118.exe

Resource

win7-20240419-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cb1e75311bd45338d7c3daff1d841f2_JaffaCakes118.exe

Resource

win10v2004-20240426-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gc-partners.in

Targets

- Target
  
  5cb1e75311bd45338d7c3daff1d841f2_JaffaCakes118
- Size
  
  231KB
- MD5
  
  5cb1e75311bd45338d7c3daff1d841f2
- SHA1
  
  460b6a6a4231419e241b6c82143cf763695d9116
- SHA256
  
  3f70e988489df0e7eb8ff80460ad88e76464568113a451b8dd5bff16e39999c8
- SHA512
  
  96cdf98c78633319a3874f958a7c79944ecc9c6eb8e854df96503ebf645ecb391236f72312fa3bf61528997162c59b1ff5b5d3e9dc2949e2c5c7cc1954cce57d
- SSDEEP
  
  3072:9s9ACsqizZSKeysSle1FtGYkvDG0qG/0Bq3Vw7GiDA4h56e:e96blIEY6Jn/zeGi89
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2025

Terms | Privacy