gcleaner | 82e0ed66e2650c788628836a9d26afd7c8abbecb0800e34404f8208f0b36f325 | Triage

Submit
Reports

Overview

overview

Static

static

3

20361cc8be...18.exe

windows7-x64

20361cc8be...18.exe

windows10-2004-x64

Sharing

General

Target

20361cc8be77827bdda587164cd27e58_JaffaCakes118
Size

358KB
Sample

241008-htmzgsxgqf
MD5

20361cc8be77827bdda587164cd27e58
SHA1

305e5a975e4d1a04f2a5e0ec6295512bec4d0764
SHA256

82e0ed66e2650c788628836a9d26afd7c8abbecb0800e34404f8208f0b36f325
SHA512

134dba23772dce5cd474c3d0d653bdd9b5062296a8b92a95cf2a92b0f08ba55bf3b10db75d6dc4813acb4cb7e8fcd29618c63efeb7a41494d7ac415a2375f83b
SSDEEP

6144:LEx3NT4+Hbpb9BHyUxyeHeKwTZlCAURJL2IWmUSMtEG9+w2P4:g3lx7pb9BHykleKwuA3myswu4

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

20361cc8be77827bdda587164cd27e58_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

20361cc8be77827bdda587164cd27e58_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  20361cc8be77827bdda587164cd27e58_JaffaCakes118
- Size
  
  358KB
- MD5
  
  20361cc8be77827bdda587164cd27e58
- SHA1
  
  305e5a975e4d1a04f2a5e0ec6295512bec4d0764
- SHA256
  
  82e0ed66e2650c788628836a9d26afd7c8abbecb0800e34404f8208f0b36f325
- SHA512
  
  134dba23772dce5cd474c3d0d653bdd9b5062296a8b92a95cf2a92b0f08ba55bf3b10db75d6dc4813acb4cb7e8fcd29618c63efeb7a41494d7ac415a2375f83b
- SSDEEP
  
  6144:LEx3NT4+Hbpb9BHyUxyeHeKwTZlCAURJL2IWmUSMtEG9+w2P4:g3lx7pb9BHykleKwuA3myswu4
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2024

Terms | Privacy