gcleaner | 6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b | Triage

Submit
Reports

Overview

overview

Static

static

3

ab8781ed00...18.exe

windows7-x64

ab8781ed00...18.exe

windows10-2004-x64

Sharing

General

Target

ab8781ed006eff23e2f4391e9d87d33c_JaffaCakes118
Size

356KB
Sample

241128-jg629szqht
MD5

ab8781ed006eff23e2f4391e9d87d33c
SHA1

d557dc317e733bcc896a08158c4bc978b524c689
SHA256

6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b
SHA512

73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69
SSDEEP

6144:KPQzXx/rNASsV56sMrFQPUuqwogELhSblM0zPJFw1NDDPBRe5EMj:9zXpqSsV5crFQP+nVl0Pa1FDPBRkJj

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ab8781ed006eff23e2f4391e9d87d33c_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab8781ed006eff23e2f4391e9d87d33c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab8781ed006eff23e2f4391e9d87d33c_JaffaCakes118
- Size
  
  356KB
- MD5
  
  ab8781ed006eff23e2f4391e9d87d33c
- SHA1
  
  d557dc317e733bcc896a08158c4bc978b524c689
- SHA256
  
  6543fb158c4d0ace63d292da67d86920914c57280adeb9726694cb7805f7466b
- SHA512
  
  73c8f4b37d076e2d8606375d3bbc821ccaab5b82ba68e8b2aad48881dcb893ce218334cdaa026acc426080599794240157a6e56ceaa2979276e8e983dfc61a69
- SSDEEP
  
  6144:KPQzXx/rNASsV56sMrFQPUuqwogELhSblM0zPJFw1NDDPBRe5EMj:9zXpqSsV5crFQP+nVl0Pa1FDPBRkJj
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2024

Terms | Privacy