gcleaner

General

Target

4722b8ae2d4b0cd9b5eae918fa346ef32cd56eb4fd23a74993c3c5337a786e62N.exe
Size

332KB
Sample

241128-n9sskaspcq
MD5

b43e6bb71d463a7eed07ee2f411eecb0
SHA1

e8d487e0ae107877142a1dfa2219d1e2c59e976f
SHA256

4722b8ae2d4b0cd9b5eae918fa346ef32cd56eb4fd23a74993c3c5337a786e62
SHA512

34f5f3f32940cab47c731f783e5fafb367c6058ac720dd20b1e909178f3af9338c4cfe5efd5d28976be7b9d9e86081e2e7d297d5ea869088d477d45d6008f72f
SSDEEP

6144:TBSTuWUckSbLG37/NG2ZO7nK/kgUaYJIpOok7+K:TBSTuWUye37/HUnK/kp+u+

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ggg-cl.biz

45.9.20.13

Targets

- Target
  
  4722b8ae2d4b0cd9b5eae918fa346ef32cd56eb4fd23a74993c3c5337a786e62N.exe
- Size
  
  332KB
- MD5
  
  b43e6bb71d463a7eed07ee2f411eecb0
- SHA1
  
  e8d487e0ae107877142a1dfa2219d1e2c59e976f
- SHA256
  
  4722b8ae2d4b0cd9b5eae918fa346ef32cd56eb4fd23a74993c3c5337a786e62
- SHA512
  
  34f5f3f32940cab47c731f783e5fafb367c6058ac720dd20b1e909178f3af9338c4cfe5efd5d28976be7b9d9e86081e2e7d297d5ea869088d477d45d6008f72f
- SSDEEP
  
  6144:TBSTuWUckSbLG37/NG2ZO7nK/kgUaYJIpOok7+K:TBSTuWUye37/HUnK/kp+u+
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2