gcleaner

General

Target

0970b2e0391fe778c790d0c7ecb98d36def554fbfe1f3776b8cbf7f96eddc684.exe
Size

332KB
Sample

241127-dqcxwstqgy
MD5

d8a65cfcfad34a96ec277ac0952b4d7e
SHA1

4efebca2c304837e12bca351529f1963bc479799
SHA256

0970b2e0391fe778c790d0c7ecb98d36def554fbfe1f3776b8cbf7f96eddc684
SHA512

dd6253508c85ea897507d767fb65e00d813f816a2010e26c4c781f94b246c5d540b4b2591a93f51b31da34476b224e07e979a99349f42dbdeb4f708ea71f0f5f
SSDEEP

6144:TBSTuWUckSbLG37/NG2ZO7nK/kgUaYJIpOok7+K5:TBSTuWUye37/HUnK/kp+u+Y

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ggg-cl.biz

45.9.20.13

Targets

- Target
  
  0970b2e0391fe778c790d0c7ecb98d36def554fbfe1f3776b8cbf7f96eddc684.exe
- Size
  
  332KB
- MD5
  
  d8a65cfcfad34a96ec277ac0952b4d7e
- SHA1
  
  4efebca2c304837e12bca351529f1963bc479799
- SHA256
  
  0970b2e0391fe778c790d0c7ecb98d36def554fbfe1f3776b8cbf7f96eddc684
- SHA512
  
  dd6253508c85ea897507d767fb65e00d813f816a2010e26c4c781f94b246c5d540b4b2591a93f51b31da34476b224e07e979a99349f42dbdeb4f708ea71f0f5f
- SSDEEP
  
  6144:TBSTuWUckSbLG37/NG2ZO7nK/kgUaYJIpOok7+K5:TBSTuWUye37/HUnK/kp+u+Y
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2