gcleaner

General

Target

JaffaCakes118_01462017cae5db103b27c864ef145b7c
Size

400KB
Sample

250105-3c1t8s1lem
MD5

01462017cae5db103b27c864ef145b7c
SHA1

526586e175b3e6c9def0f47c58a27e3e051eaef5
SHA256

82aa048783354378ad2b8c0f5f1747d9ffe477f5e02d3a32733aa02d65be1d77
SHA512

940d1c2a1d1f1741bb53f7a33d3bea5a972257860d57ff4f9de047ef540277d6cf44792c6223db0d22a52eea695f5d7e83c0b5567161fd7c88455fc0a703ebc1
SSDEEP

12288:FxYlQL+Ltuy1GYmHGSicXdB0pKBIp7P3nF:FxYSDy1GYmHfbX31+l

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ppp-gl.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_01462017cae5db103b27c864ef145b7c
- Size
  
  400KB
- MD5
  
  01462017cae5db103b27c864ef145b7c
- SHA1
  
  526586e175b3e6c9def0f47c58a27e3e051eaef5
- SHA256
  
  82aa048783354378ad2b8c0f5f1747d9ffe477f5e02d3a32733aa02d65be1d77
- SHA512
  
  940d1c2a1d1f1741bb53f7a33d3bea5a972257860d57ff4f9de047ef540277d6cf44792c6223db0d22a52eea695f5d7e83c0b5567161fd7c88455fc0a703ebc1
- SSDEEP
  
  12288:FxYlQL+Ltuy1GYmHGSicXdB0pKBIp7P3nF:FxYSDy1GYmHfbX31+l
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2