gcleaner | 57ffddbb441a4ef819f4f6024ea6aeb42017e2a4e997db04475b3088a4bc0767 | Triage

Submit
Reports

Overview

overview

Static

static

3

9acb03ff49...18.exe

windows7-x64

9acb03ff49...18.exe

windows10-2004-x64

Sharing

General

Target

9acb03ff49f8917ae3d985f83f4dc97e_JaffaCakes118
Size

385KB
Sample

240815-t53pvssaqe
MD5

9acb03ff49f8917ae3d985f83f4dc97e
SHA1

be15eadc65334095a590ca1df0150b2007b89c55
SHA256

57ffddbb441a4ef819f4f6024ea6aeb42017e2a4e997db04475b3088a4bc0767
SHA512

6ba2c1875f3247737d5fedf76e72ba05cfcb20bd574b37a076cd89b0dfcd847f9b48a12cfa9ff56c5aea7c35f1d0d88dbda160d799583986c348b4047aa002d9
SSDEEP

12288:glIeRbKUgLS1YjJuIm5XnbfICT8VnU/6Br0:q/g21coMCTWUO

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9acb03ff49f8917ae3d985f83f4dc97e_JaffaCakes118.exe

Resource

win7-20240705-en

gcleaner onlylogger discovery loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9acb03ff49f8917ae3d985f83f4dc97e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gcleaner onlylogger discovery loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcleaner.pro

Targets

- Target
  
  9acb03ff49f8917ae3d985f83f4dc97e_JaffaCakes118
- Size
  
  385KB
- MD5
  
  9acb03ff49f8917ae3d985f83f4dc97e
- SHA1
  
  be15eadc65334095a590ca1df0150b2007b89c55
- SHA256
  
  57ffddbb441a4ef819f4f6024ea6aeb42017e2a4e997db04475b3088a4bc0767
- SHA512
  
  6ba2c1875f3247737d5fedf76e72ba05cfcb20bd574b37a076cd89b0dfcd847f9b48a12cfa9ff56c5aea7c35f1d0d88dbda160d799583986c348b4047aa002d9
- SSDEEP
  
  12288:glIeRbKUgLS1YjJuIm5XnbfICT8VnU/6Br0:q/g21coMCTWUO
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy