gcleaner | 106f4196199e0bef0816cf89fa0f2b489cf633bd37a6524ad4d61015f2dc66b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

f83506d690...0N.exe

windows7-x64

f83506d690...0N.exe

windows10-2004-x64

Sharing

General

Target

f83506d6903053d7cb3a3cf18fad72a0N.exe
Size

410KB
Sample

240829-fw7qkaxcpm
MD5

f83506d6903053d7cb3a3cf18fad72a0
SHA1

af0b8a751245d26bc9ad61062dd0366027eff3c1
SHA256

106f4196199e0bef0816cf89fa0f2b489cf633bd37a6524ad4d61015f2dc66b4
SHA512

262bcd4c0878694696b0df25e3749223c476b0b5239a1a0573cf803bb268500dfca58907d9d716690e3bdd7056c6e311cbea292bdf99399b44339e56a75a1510
SSDEEP

6144:L6dHwUpEuVLHBlvl949fsYeQogFuVBcRR8XIYLdsp2w4b+HGTWcPnkuG:L0wUpEAjbv749foQogFaX35w6+nknkV

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f83506d6903053d7cb3a3cf18fad72a0N.exe

Resource

win7-20240704-en

gcleaner onlylogger discovery loader

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

f83506d6903053d7cb3a3cf18fad72a0N.exe

Resource

win10v2004-20240802-en

gcleaner onlylogger discovery loader

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

gcleaner

C2

g-clean.in

Targets

- Target
  
  f83506d6903053d7cb3a3cf18fad72a0N.exe
- Size
  
  410KB
- MD5
  
  f83506d6903053d7cb3a3cf18fad72a0
- SHA1
  
  af0b8a751245d26bc9ad61062dd0366027eff3c1
- SHA256
  
  106f4196199e0bef0816cf89fa0f2b489cf633bd37a6524ad4d61015f2dc66b4
- SHA512
  
  262bcd4c0878694696b0df25e3749223c476b0b5239a1a0573cf803bb268500dfca58907d9d716690e3bdd7056c6e311cbea292bdf99399b44339e56a75a1510
- SSDEEP
  
  6144:L6dHwUpEuVLHBlvl949fsYeQogFuVBcRR8XIYLdsp2w4b+HGTWcPnkuG:L0wUpEAjbv749foQogFaX35w6+nknkV
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy