gcleaner | 5e2feff937da52c7caa0ee241a71d7d032866ebab913e3fd83028051a020c9ad | Triage

Submit
Reports

Overview

overview

Static

static

3

5d33584d5d...18.exe

windows7-x64

7

5d33584d5d...18.exe

windows10-2004-x64

Sharing

General

Target

5d33584d5dfa1eb57d4b5915d7b5c86e_JaffaCakes118
Size

1.4MB
Sample

241019-sehfkasbmf
MD5

5d33584d5dfa1eb57d4b5915d7b5c86e
SHA1

1333239d95ae4eb3d95b8ef1a77a67eaa373cd88
SHA256

5e2feff937da52c7caa0ee241a71d7d032866ebab913e3fd83028051a020c9ad
SHA512

560e887867c56bf53987bee5738fe659d21869ee4f9b41c352b28403e4ea5dfa007ccebcb6ccff329e9c5adf396976da8bfe4945d656e3c27c9bca176f71fc86
SSDEEP

24576:G1e9yBNlug9312KoVPsT6npmwhw042QgWQqY:h9sNQSYKoVkT6n4whwL2QgWi

Score

10^/10

gcleaner onlylogger xmrig discovery loader miner

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d33584d5dfa1eb57d4b5915d7b5c86e_JaffaCakes118.exe

Resource

win7-20240729-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d33584d5dfa1eb57d4b5915d7b5c86e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger xmrig discovery loader miner

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

ggc-partners.top

ggc-partners.in

Targets

- Target
  
  5d33584d5dfa1eb57d4b5915d7b5c86e_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  5d33584d5dfa1eb57d4b5915d7b5c86e
- SHA1
  
  1333239d95ae4eb3d95b8ef1a77a67eaa373cd88
- SHA256
  
  5e2feff937da52c7caa0ee241a71d7d032866ebab913e3fd83028051a020c9ad
- SHA512
  
  560e887867c56bf53987bee5738fe659d21869ee4f9b41c352b28403e4ea5dfa007ccebcb6ccff329e9c5adf396976da8bfe4945d656e3c27c9bca176f71fc86
- SSDEEP
  
  24576:G1e9yBNlug9312KoVPsT6npmwhw042QgWQqY:h9sNQSYKoVkT6n4whwL2QgWi
Score

10^/10

discovery gcleaner onlylogger xmrig loader miner
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- OnlyLogger payload
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gcleaneronlyloggerxmrigdiscoveryloaderminer

© 2018-2024

Terms | Privacy