gcleaner | 48ebd939838da5d8bda510ebd8ff6ea17f593b81179fff93ed57089531b175e6 | Triage

Submit
Reports

Overview

overview

Static

static

3

12ff9b8180...18.exe

windows7-x64

12ff9b8180...18.exe

windows10-2004-x64

Sharing

General

Target

12ff9b8180a4b96ed654499039e3f095_JaffaCakes118
Size

410KB
Sample

240626-w8l8dsxbqg
MD5

12ff9b8180a4b96ed654499039e3f095
SHA1

83c62c3d8a72f380665d2f73a47c1522a399459e
SHA256

48ebd939838da5d8bda510ebd8ff6ea17f593b81179fff93ed57089531b175e6
SHA512

060abd8539d0c7be47b5d6b730be4c5a5248da38a36cd9be8c98cb13bd0a0b3ec364834de467f4d895f3e521d41c54771ca10a2c9e0d95030e962c6c5141ac4c
SSDEEP

6144:ZHuPLzULqhKmWddRLkEuNZ+k5mS2Oxqw5/KtwqJL6uxOOOhxxdeTr/ekI:APvzhKmW7IRx2Of/CL6uCzxd6L

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

12ff9b8180a4b96ed654499039e3f095_JaffaCakes118.exe

Resource

win7-20231129-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

12ff9b8180a4b96ed654499039e3f095_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  12ff9b8180a4b96ed654499039e3f095_JaffaCakes118
- Size
  
  410KB
- MD5
  
  12ff9b8180a4b96ed654499039e3f095
- SHA1
  
  83c62c3d8a72f380665d2f73a47c1522a399459e
- SHA256
  
  48ebd939838da5d8bda510ebd8ff6ea17f593b81179fff93ed57089531b175e6
- SHA512
  
  060abd8539d0c7be47b5d6b730be4c5a5248da38a36cd9be8c98cb13bd0a0b3ec364834de467f4d895f3e521d41c54771ca10a2c9e0d95030e962c6c5141ac4c
- SSDEEP
  
  6144:ZHuPLzULqhKmWddRLkEuNZ+k5mS2Oxqw5/KtwqJL6uxOOOhxxdeTr/ekI:APvzhKmW7IRx2Of/CL6uCzxd6L
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2025

Terms | Privacy