General

  • Target

    055e3d97992efa668f7cd92ee301ebf4_JaffaCakes118

  • Size

    337KB

  • Sample

    241001-l129jaxfmc

  • MD5

    055e3d97992efa668f7cd92ee301ebf4

  • SHA1

    326fb8c7e9fecb54570fdd9e3ee3165ca68658c9

  • SHA256

    090e8bd14dcd133d966ef11bf9ac340e9c55835d9a70c77a211cd15e8540a9a4

  • SHA512

    b8dc8317d049b4e3290badd6081c0bcadbd6c4a5af232395c96f92933c58da3de90cb846a7c1c707d7f306c547bb658871cfe3c73122ecea91ecb96d185710f8

  • SSDEEP

    6144:8NN9wy0tamsE/6suyzgdygi/T0Yr6cfee3cf/zC:8bOXtamUsuyzGpib0oLfe8c3z

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • OnlyLogger payload

    • Checks computer location settings

Looks up the country code configured in the registry; likely used as a geofence.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks