gcleaner

General

Target

2faa2fb291f71756412f6d3a7b64d1d11d93b18b66aa1d7007960361e97848bf.exe
Size

444KB
Sample

241121-ntewrs1eqd
MD5

0ca5761b2cd8f4a1d3a6172bcb40c2d6
SHA1

1c81699a6fff3c6b5ee0e9457f73a9d7640d6292
SHA256

2faa2fb291f71756412f6d3a7b64d1d11d93b18b66aa1d7007960361e97848bf
SHA512

3c4897953666c46f10dc9ff3dbcfed6c1e7ba647b763d72946513622fcdfa6da6d35c0b099322c23efe98837695759fd2d367d77f1883b0f3ca3ed39d7017168
SSDEEP

12288:blvgaJnWq36kMw03CPctkuGhAjeZMYJgiIUaf:bnJWq36kMTffjUMYmnf

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  2faa2fb291f71756412f6d3a7b64d1d11d93b18b66aa1d7007960361e97848bf.exe
- Size
  
  444KB
- MD5
  
  0ca5761b2cd8f4a1d3a6172bcb40c2d6
- SHA1
  
  1c81699a6fff3c6b5ee0e9457f73a9d7640d6292
- SHA256
  
  2faa2fb291f71756412f6d3a7b64d1d11d93b18b66aa1d7007960361e97848bf
- SHA512
  
  3c4897953666c46f10dc9ff3dbcfed6c1e7ba647b763d72946513622fcdfa6da6d35c0b099322c23efe98837695759fd2d367d77f1883b0f3ca3ed39d7017168
- SSDEEP
  
  12288:blvgaJnWq36kMw03CPctkuGhAjeZMYJgiIUaf:bnJWq36kMTffjUMYmnf
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2