gcleaner

General

Target

b7d610ea84da74ede9f9dfeab88f8475_JaffaCakes118
Size

339KB
Sample

241202-kvze1syjcz
MD5

b7d610ea84da74ede9f9dfeab88f8475
SHA1

852d7c21e13e6fa5fc2a58941d926af734e02959
SHA256

fa83eba7e3b3197c422823db67eb3ce509293eda358b29536cec627aa424865c
SHA512

4f2270efc792598c1f21f0d44840ca6cdcfe7757a6e3d938db2e10689a216cbe5f49a32ec54ad416669a04d8ade92e38511533be90090d964f46df1adb16abfa
SSDEEP

6144:6H79ve/t8CucAkoJNNABqA3dg23C5IPTOphn7B4FjKiSM+Xb:6H79veiCunjNctggCqqpd9UH7

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  b7d610ea84da74ede9f9dfeab88f8475_JaffaCakes118
- Size
  
  339KB
- MD5
  
  b7d610ea84da74ede9f9dfeab88f8475
- SHA1
  
  852d7c21e13e6fa5fc2a58941d926af734e02959
- SHA256
  
  fa83eba7e3b3197c422823db67eb3ce509293eda358b29536cec627aa424865c
- SHA512
  
  4f2270efc792598c1f21f0d44840ca6cdcfe7757a6e3d938db2e10689a216cbe5f49a32ec54ad416669a04d8ade92e38511533be90090d964f46df1adb16abfa
- SSDEEP
  
  6144:6H79ve/t8CucAkoJNNABqA3dg23C5IPTOphn7B4FjKiSM+Xb:6H79veiCunjNctggCqqpd9UH7
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2