gcleaner | 9341c363fb112f766c7387e89e2ab3e72c4f943da2fa4b8bf903831752c5a68c | Triage

Submit
Reports

Overview

overview

Static

static

3

777bcb883a...18.exe

windows7-x64

777bcb883a...18.exe

windows10-2004-x64

Sharing

General

Target

777bcb883a1871f426cc9c680b37e2c9_JaffaCakes118
Size

344KB
Sample

241028-d7g8yaxlet
MD5

777bcb883a1871f426cc9c680b37e2c9
SHA1

c0219b73585f6d41d5ac7394d6e97d009b555083
SHA256

9341c363fb112f766c7387e89e2ab3e72c4f943da2fa4b8bf903831752c5a68c
SHA512

f3a16d34c489678f4229126cfdde343a4c6f9b9a27e725f786748601f50ec9f7ec01a53d24d5f8099f707d2ead4a6cdcc93de72563c1d5fdc41d710919368cd0
SSDEEP

6144:yr4wRnsnFJ6Mw+o3baaWNA4SfqJL6hVOOhxxdeTr/ekI:WnWJ61rbaaWNAhAL6hxzxd6L

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

777bcb883a1871f426cc9c680b37e2c9_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

777bcb883a1871f426cc9c680b37e2c9_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  777bcb883a1871f426cc9c680b37e2c9_JaffaCakes118
- Size
  
  344KB
- MD5
  
  777bcb883a1871f426cc9c680b37e2c9
- SHA1
  
  c0219b73585f6d41d5ac7394d6e97d009b555083
- SHA256
  
  9341c363fb112f766c7387e89e2ab3e72c4f943da2fa4b8bf903831752c5a68c
- SHA512
  
  f3a16d34c489678f4229126cfdde343a4c6f9b9a27e725f786748601f50ec9f7ec01a53d24d5f8099f707d2ead4a6cdcc93de72563c1d5fdc41d710919368cd0
- SSDEEP
  
  6144:yr4wRnsnFJ6Mw+o3baaWNA4SfqJL6hVOOhxxdeTr/ekI:WnWJ61rbaaWNAhAL6hxzxd6L
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2024

Terms | Privacy