gcleaner

General

Target

b7d59a03bc8a405793ad211981c8e38d43884c56b1095470eaeb2b8d4bf7f00c.exe
Size

401KB
Sample

241124-lhl5lazmgp
MD5

1109b55da15dc95c8d6887c559cd8f7e
SHA1

2053f81200e37b3c95933fd9e6b889b4fe83bd7e
SHA256

b7d59a03bc8a405793ad211981c8e38d43884c56b1095470eaeb2b8d4bf7f00c
SHA512

4edc64eea5b454699f84df01645b75387bb825935d16ab11af8dfb1229edc9549b25eec00e5684d2b0a4aef5e372e0acc05871178f72ee400dddbe86bcde6c2e
SSDEEP

6144:SIAvu3x1GEVMtDURIvEk3GaXBBQfAO0ITVY75z4XShqe+nPr1ljy:SIUu3XZVMtDBvXhkVRTVYlznqe+Pr1E

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ppp-gl.biz

45.9.20.13

Targets

- Target
  
  b7d59a03bc8a405793ad211981c8e38d43884c56b1095470eaeb2b8d4bf7f00c.exe
- Size
  
  401KB
- MD5
  
  1109b55da15dc95c8d6887c559cd8f7e
- SHA1
  
  2053f81200e37b3c95933fd9e6b889b4fe83bd7e
- SHA256
  
  b7d59a03bc8a405793ad211981c8e38d43884c56b1095470eaeb2b8d4bf7f00c
- SHA512
  
  4edc64eea5b454699f84df01645b75387bb825935d16ab11af8dfb1229edc9549b25eec00e5684d2b0a4aef5e372e0acc05871178f72ee400dddbe86bcde6c2e
- SSDEEP
  
  6144:SIAvu3x1GEVMtDURIvEk3GaXBBQfAO0ITVY75z4XShqe+nPr1ljy:SIUu3XZVMtDBvXhkVRTVYlznqe+Pr1E
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2