gcleaner | 720713c32ba0f95e8d088a31e4bac9aa2f4c809e11129969292203a69a94b50e | Triage

Submit
Reports

Overview

overview

Static

static

3

75d1f63cd4...18.exe

windows7-x64

75d1f63cd4...18.exe

windows10-2004-x64

Sharing

General

Target

75d1f63cd45896a4fb490b8fab7b07fb_JaffaCakes118
Size

325KB
Sample

241025-cq61asshkc
MD5

75d1f63cd45896a4fb490b8fab7b07fb
SHA1

a8e1a002a0f08569aad788b57b8b71e4952c6321
SHA256

720713c32ba0f95e8d088a31e4bac9aa2f4c809e11129969292203a69a94b50e
SHA512

aa4165f5b8b726eaaaeab7e0f0b5e6ae9651cb4efa208e6243b0b4ecf4cfc9c964f66b6e03de36e321b40cc055ceb3d497b330923dd4e74a6bf43c9092aa0b91
SSDEEP

6144:Bon+yNDqHr2r4w+FUKSVNXmLKjxZrNVfs8V:afqHrw4bCj1vN2

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75d1f63cd45896a4fb490b8fab7b07fb_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

75d1f63cd45896a4fb490b8fab7b07fb_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gc-prtnrs.top

gcc-prtnrs.top

Targets

- Target
  
  75d1f63cd45896a4fb490b8fab7b07fb_JaffaCakes118
- Size
  
  325KB
- MD5
  
  75d1f63cd45896a4fb490b8fab7b07fb
- SHA1
  
  a8e1a002a0f08569aad788b57b8b71e4952c6321
- SHA256
  
  720713c32ba0f95e8d088a31e4bac9aa2f4c809e11129969292203a69a94b50e
- SHA512
  
  aa4165f5b8b726eaaaeab7e0f0b5e6ae9651cb4efa208e6243b0b4ecf4cfc9c964f66b6e03de36e321b40cc055ceb3d497b330923dd4e74a6bf43c9092aa0b91
- SSDEEP
  
  6144:Bon+yNDqHr2r4w+FUKSVNXmLKjxZrNVfs8V:afqHrw4bCj1vN2
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy