gcleaner | 4e01866db5ec52866e21eac49c4135d62fe712d8b64cee07bd755a2accf0340b | Triage

Submit
Reports

Overview

overview

Static

static

3

6402e14837...18.exe

windows7-x64

6402e14837...18.exe

windows10-2004-x64

Sharing

General

Target

6402e1483733ff33c0e0b7e8856d3d50_JaffaCakes118
Size

406KB
Sample

241020-ylsg1axarg
MD5

6402e1483733ff33c0e0b7e8856d3d50
SHA1

06eb7e31bae25f0247f0c3b9d4e3cd8fbc529d9b
SHA256

4e01866db5ec52866e21eac49c4135d62fe712d8b64cee07bd755a2accf0340b
SHA512

9de738391757853346d0b709ab7670b2bccaaef59ee91135bc5430145ac79bbae6ad657a01e915c4ddca65c718fc1dd214afc7346290f2f8478ff3bf2d3d444a
SSDEEP

6144:Qgb8zQt6txzTlV+/6I79o5kXlAnRxMSCZ0s6VqEs5NJUwxC8YaDl2HUFli3kLmb:yQtyViSI72El+Rx5DsVhxfuui3kLmb

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6402e1483733ff33c0e0b7e8856d3d50_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

6402e1483733ff33c0e0b7e8856d3d50_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

ggc-partners.in

Targets

- Target
  
  6402e1483733ff33c0e0b7e8856d3d50_JaffaCakes118
- Size
  
  406KB
- MD5
  
  6402e1483733ff33c0e0b7e8856d3d50
- SHA1
  
  06eb7e31bae25f0247f0c3b9d4e3cd8fbc529d9b
- SHA256
  
  4e01866db5ec52866e21eac49c4135d62fe712d8b64cee07bd755a2accf0340b
- SHA512
  
  9de738391757853346d0b709ab7670b2bccaaef59ee91135bc5430145ac79bbae6ad657a01e915c4ddca65c718fc1dd214afc7346290f2f8478ff3bf2d3d444a
- SSDEEP
  
  6144:Qgb8zQt6txzTlV+/6I79o5kXlAnRxMSCZ0s6VqEs5NJUwxC8YaDl2HUFli3kLmb:yQtyViSI72El+Rx5DsVhxfuui3kLmb
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2024

Terms | Privacy