General

  • Target: 749bdb421750e541d7105c7b23aae529_JaffaCakes118
  • Size: 351KB
  • Sample: 241024-v78jkatgle
  • MD5: 749bdb421750e541d7105c7b23aae529
  • SHA1: 1773f8dcabe2382a3f1d29f78652591662ab60a1
  • SHA256: de4951605496dbd1b5e05f579b2601f45c459b9154b2c6a215517c4f8b3d0daf
  • SHA512: 5afe0e48464dd28499c0f4bf416e6806e05515926f80ad7722042fe39b6a3fe37e7d236445483a6ad4c0c5e81f7d930755772963431845a2d7ae4c9c65cf684d
  • SSDEEP: 6144:zK+v8C1X5Oe4SlCRtNFPQGqE2H8AxXzrRgbmjTwa/RxJg:zK+v8CTOk2TDqE2H84ROyY

Malware Config

Extracted

  • Family: gcleaner
  • C2: gc-prtnrs.top, gcc-prtnrs.top

Targets

    • Target: 749bdb421750e541d7105c7b23aae529_JaffaCakes118
    • Size: 351KB
    • MD5: 749bdb421750e541d7105c7b23aae529
    • SHA1: 1773f8dcabe2382a3f1d29f78652591662ab60a1
    • SHA256: de4951605496dbd1b5e05f579b2601f45c459b9154b2c6a215517c4f8b3d0daf
    • SHA512: 5afe0e48464dd28499c0f4bf416e6806e05515926f80ad7722042fe39b6a3fe37e7d236445483a6ad4c0c5e81f7d930755772963431845a2d7ae4c9c65cf684d
    • SSDEEP: 6144:zK+v8C1X5Oe4SlCRtNFPQGqE2H8AxXzrRgbmjTwa/RxJg:zK+v8CTOk2TDqE2H84ROyY

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • OnlyLogger
      A tiny loader that uses IPLogger to retrieve its payload.
    • OnlyLogger payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks