gcleaner

General

Target

7f660b3298f73735b2ed7872f1441ccd_JaffaCakes118
Size

398KB
Sample

241030-qx9lnasrhz
MD5

7f660b3298f73735b2ed7872f1441ccd
SHA1

91f1a81fc50b6de12a3d1f2c2979d8361257ffaf
SHA256

c13ecbd3925ff79e202fa6a09e2dbab7efc52470e72d15e16aed8319767950f7
SHA512

723194a9fe300d1606d51db8014e1444b0605d0d02cb990f292e878f1250f4bd8a748d1d2dc1759f73eebc3311ae696d9b7f34e6cc542f31b5c129e57e949dbf
SSDEEP

6144:WNGIZN+uTOGcz91LArlBLwqTYwoIWUM0qJL6vOOhxxdeTr/ekI:TuTOX918RBLwgOIW9L6Tzxd6L

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  7f660b3298f73735b2ed7872f1441ccd_JaffaCakes118
- Size
  
  398KB
- MD5
  
  7f660b3298f73735b2ed7872f1441ccd
- SHA1
  
  91f1a81fc50b6de12a3d1f2c2979d8361257ffaf
- SHA256
  
  c13ecbd3925ff79e202fa6a09e2dbab7efc52470e72d15e16aed8319767950f7
- SHA512
  
  723194a9fe300d1606d51db8014e1444b0605d0d02cb990f292e878f1250f4bd8a748d1d2dc1759f73eebc3311ae696d9b7f34e6cc542f31b5c129e57e949dbf
- SSDEEP
  
  6144:WNGIZN+uTOGcz91LArlBLwqTYwoIWUM0qJL6vOOhxxdeTr/ekI:TuTOX918RBLwgOIW9L6Tzxd6L
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2