General

  • Target

    98bc80b02b6ecf624e725404fc1841a1_JaffaCakes118

  • Size

    286KB

  • Sample

    241125-c8k6jszndl

  • MD5

    98bc80b02b6ecf624e725404fc1841a1

  • SHA1

    7a60ed9be96c5a70f5171b2873454bf9d0e2c05f

  • SHA256

    454b57e15fb974a87afa3fcda4640319fb5fd568daf6c90d5161a820b5d3bdbb

  • SHA512

    51194423f7fd82441301e8a8a028951ae8cbb4a32cf2824f7c746b6857a42db89f007fb4adeafa5163f0a6a3eab168d3709845268967abbbd4bdeced66108a3b

  • SSDEEP

    6144:OT22Fj/TyCpr1pzcEytC5dyP1cOGJV2b:OT22FjOCpANKd7j2b

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    gcl-page.biz
    194.145.227.161
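The report gives two kinds of indicator: the file hashes of the sample and the C2 domain and IP pulled from the GCleaner config. The script below is an added example, not part of the Triage report, showing how an analyst would turn those into a check: confirm a local file is the same sample by recomputing its hashes, and scan key=value network log lines for the extracted C2. The indicator values are copied from this report; the log lines, hostnames, log format and the `cdn.` subdomain are constructed for illustration.

```python
"""Verify a sample against the reported hashes and hunt for the extracted C2.

Added example; the indicators are taken from the Triage report above,
everything else (log format, hostnames, sample log lines) is constructed.
"""
import hashlib
import ipaddress
import re

# Extracted config from the report: one C2 domain and one C2 IP.
C2_DOMAINS = {"gcl-page.biz"}
C2_IPS = {ipaddress.ip_address("194.145.227.161")}

# Hashes of the sample as listed in the report.
SAMPLE_HASHES = {
    "md5": "98bc80b02b6ecf624e725404fc1841a1",
    "sha1": "7a60ed9be96c5a70f5171b2873454bf9d0e2c05f",
    "sha256": "454b57e15fb974a87afa3fcda4640319fb5fd568daf6c90d5161a820b5d3bdbb",
    "sha512": "51194423f7fd82441301e8a8a028951ae8cbb4a32cf2824f7c746b6857a42db8"
              "9f007fb4adeafa5163f0a6a3eab168d3709845268967abbbd4bdeced66108a3b",
}

# Constructed log lines in a simple key=value format (not real telemetry).
LOG_LINES = [
    "2024-11-25T03:12:44Z host=ws-017 event=dns query=gcl-page.biz answer=194.145.227.161",
    "2024-11-25T03:12:45Z host=ws-017 event=conn dst=194.145.227.161 dport=80",
    "2024-11-25T03:13:01Z host=ws-017 event=dns query=update.microsoft.com answer=13.107.4.50",
    "2024-11-25T03:14:10Z host=ws-021 event=conn dst=10.0.0.5 dport=445",
    "2024-11-25T03:15:30Z host=ws-021 event=dns query=cdn.gcl-page.biz answer=194.145.227.161",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def hashes_of(data: bytes) -> dict:
    """Return the hex digests the report lists, computed over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data: bytes) -> bool:
    """True only if every digest matches the report (guards against a collision on one)."""
    computed = hashes_of(data)
    return all(computed[name] == value for name, value in SAMPLE_HASHES.items())


def _is_c2_domain(value: str) -> bool:
    # Match the domain itself and any subdomain of it (case-insensitive, trailing dot tolerated).
    name = value.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def _is_c2_ip(value: str) -> bool:
    try:
        return ipaddress.ip_address(value) in C2_IPS
    except ValueError:  # not an IP literal
        return False


def find_c2_hits(lines) -> list:
    """Return the log lines touching the C2, with a reason per matching field."""
    hits = []
    for line in lines:
        reasons = []
        for key, value in KV_RE.findall(line):
            if _is_c2_ip(value):
                reasons.append(f"{key} matches C2 IP {value}")
            elif _is_c2_domain(value):
                reasons.append(f"{key} matches C2 domain {value}")
        if reasons:
            hits.append({"line": line, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(LOG_LINES):
        print(hit["line"])
        for reason in hit["reasons"]:
            print("   ", reason)
```

Run against a real file with `matches_sample(open(path, "rb").read())`; the domain check is deliberately suffix-based so that any subdomain the operators add later under gcl-page.biz still triggers, while the IP check is exact.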

Targets

    • Target

      98bc80b02b6ecf624e725404fc1841a1_JaffaCakes118

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • Onlylogger family

    • OnlyLogger payload

MITRE ATT&CK Enterprise v15

Tasks