gcleaner | 9bae7ac9a2137a2ee80c91bdec7cf9e475a2c9e7822b1a2c63a63516cf00733d | Triage

Submit
Reports

Overview

overview

Static

static

3

b5b72dd827...18.exe

windows7-x64

b5b72dd827...18.exe

windows10-2004-x64

Sharing

General

Target

b5b72dd8278704a788474db8f2f49ded_JaffaCakes118
Size

386KB
Sample

240822-a7ldtatcnm
MD5

b5b72dd8278704a788474db8f2f49ded
SHA1

86e29037f5340e11c4ccd82f87ba63078478f8fe
SHA256

9bae7ac9a2137a2ee80c91bdec7cf9e475a2c9e7822b1a2c63a63516cf00733d
SHA512

cde580116165fa59ff82e979c09588af16984896b85c225c19cf2c58212f0e8c498918b9ed71954f3d84b6163fd7f0513bbe5dd28463aac906946aac6830bfcf
SSDEEP

12288:TtJluZ+meKuRmj6E+hlYLyCRTG99vOKUol:jUQkEPYL1W5Oe

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5b72dd8278704a788474db8f2f49ded_JaffaCakes118.exe

Resource

win7-20240708-en

gcleaner onlylogger discovery loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5b72dd8278704a788474db8f2f49ded_JaffaCakes118.exe

Resource

win10v2004-20240802-en

gcleaner onlylogger discovery loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcleaner.pro

Targets

- Target
  
  b5b72dd8278704a788474db8f2f49ded_JaffaCakes118
- Size
  
  386KB
- MD5
  
  b5b72dd8278704a788474db8f2f49ded
- SHA1
  
  86e29037f5340e11c4ccd82f87ba63078478f8fe
- SHA256
  
  9bae7ac9a2137a2ee80c91bdec7cf9e475a2c9e7822b1a2c63a63516cf00733d
- SHA512
  
  cde580116165fa59ff82e979c09588af16984896b85c225c19cf2c58212f0e8c498918b9ed71954f3d84b6163fd7f0513bbe5dd28463aac906946aac6830bfcf
- SSDEEP
  
  12288:TtJluZ+meKuRmj6E+hlYLyCRTG99vOKUol:jUQkEPYL1W5Oe
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy