gcleaner | d30ebd026461f980294598a71714ca6f67f56952c88ff6e4b44d460b427301e0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ec8fa1c705...18.exe

windows7-x64

ec8fa1c705...18.exe

windows10-2004-x64

Sharing

General

Target

ec8fa1c70521e73b51c8316dcfa8b0be_JaffaCakes118
Size

250KB
Sample

241213-vveqqaxkdq
MD5

ec8fa1c70521e73b51c8316dcfa8b0be
SHA1

744280e7416ac94703cadd46a19e06d99e2c7a01
SHA256

d30ebd026461f980294598a71714ca6f67f56952c88ff6e4b44d460b427301e0
SHA512

db74d19dc150c15f2afc22db65d3c746e12d34025140384ba9fb27ccded07571088ad34fa9c4414c6006268147730f9b4867035c42307af3494cd061d4a9479c
SSDEEP

3072:+EZn8hpiHLI2Eb/BUtMFOM7Sfu+llnIkfPWkz4XNxhZKtZFxwl+i55XkazK:rn87ALI2EDatAOez+lOk3w0tql+elO

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ec8fa1c70521e73b51c8316dcfa8b0be_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec8fa1c70521e73b51c8316dcfa8b0be_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gc-prtnrs.top

gcc-prtnrs.top

Targets

- Target
  
  ec8fa1c70521e73b51c8316dcfa8b0be_JaffaCakes118
- Size
  
  250KB
- MD5
  
  ec8fa1c70521e73b51c8316dcfa8b0be
- SHA1
  
  744280e7416ac94703cadd46a19e06d99e2c7a01
- SHA256
  
  d30ebd026461f980294598a71714ca6f67f56952c88ff6e4b44d460b427301e0
- SHA512
  
  db74d19dc150c15f2afc22db65d3c746e12d34025140384ba9fb27ccded07571088ad34fa9c4414c6006268147730f9b4867035c42307af3494cd061d4a9479c
- SSDEEP
  
  3072:+EZn8hpiHLI2Eb/BUtMFOM7Sfu+llnIkfPWkz4XNxhZKtZFxwl+i55XkazK:rn87ALI2EDatAOez+lOk3w0tql+elO
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.