gcleaner | d3cbcf7224c5cd688e665238b91e2b0249c175d6238af31398308e7ecb226cb9 | Triage

Submit
Reports

Overview

overview

Static

static

3

fd6f2d6431...18.exe

windows7-x64

fd6f2d6431...18.exe

windows10-2004-x64

Sharing

General

Target

fd6f2d6431adc8ab79ef69616b9b756a_JaffaCakes118
Size

285KB
Sample

241218-2vzjfsvrby
MD5

fd6f2d6431adc8ab79ef69616b9b756a
SHA1

061bf41849559a21f667cf4289ca5cd32fcca9da
SHA256

d3cbcf7224c5cd688e665238b91e2b0249c175d6238af31398308e7ecb226cb9
SHA512

a1521b76a706888d14c16a388995f75dd5422c4bb317a9887bced337dcf2f34217ca74a3ea0f350321f0b270e27fa021e8382a96b0d0cad1a4d9dec4bffdc19d
SSDEEP

6144:iw2nNVPt9knkBGvINhmjVss4ocL4hL1NZh:iw2nNVnkndIn42hocknv

Score

10^/10

gcleaner onlylogger discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd6f2d6431adc8ab79ef69616b9b756a_JaffaCakes118.exe

Resource

win7-20240903-en

gcleaner onlylogger discovery loader

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd6f2d6431adc8ab79ef69616b9b756a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

gcleaner onlylogger discovery loader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

gcl-page.biz

194.145.227.161

Targets

- Target
  
  fd6f2d6431adc8ab79ef69616b9b756a_JaffaCakes118
- Size
  
  285KB
- MD5
  
  fd6f2d6431adc8ab79ef69616b9b756a
- SHA1
  
  061bf41849559a21f667cf4289ca5cd32fcca9da
- SHA256
  
  d3cbcf7224c5cd688e665238b91e2b0249c175d6238af31398308e7ecb226cb9
- SHA512
  
  a1521b76a706888d14c16a388995f75dd5422c4bb317a9887bced337dcf2f34217ca74a3ea0f350321f0b270e27fa021e8382a96b0d0cad1a4d9dec4bffdc19d
- SSDEEP
  
  6144:iw2nNVPt9knkBGvINhmjVss4ocL4hL1NZh:iw2nNVnkndIn42hocknv
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gcleaneronlyloggerdiscoveryloader

behavioral2

gcleaneronlyloggerdiscoveryloader

© 2018-2024

Terms | Privacy