gcleaner

General

Target

JaffaCakes118_41028752ad94dc4206e7532332bb4b5a
Size

432KB
Sample

250106-3mbyvstjav
MD5

41028752ad94dc4206e7532332bb4b5a
SHA1

f7bb7ebb3667f4b748252529402f96df43b5de41
SHA256

9382b14d05294e88954bc799f7cbf86f98959c60ffa06f0e02dedad5d7230c49
SHA512

3697f029b9b6f36655d1f3ced5efdff3e855801d65eadf97ad686edd77898bb42b58f211ea21cd3c612e46778308998edbb4f748362704bfa97a3aa81cce9e77
SSDEEP

6144:ZU+m2xF9/rN4+QlMMzb4t9jNtfnMptCrqKYJV9x0YiqE1Kefq2PzFEWbItp38JV/:Z2IP0ct9LMp0rqKYtXTg/q2rFx6MJ

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_41028752ad94dc4206e7532332bb4b5a
- Size
  
  432KB
- MD5
  
  41028752ad94dc4206e7532332bb4b5a
- SHA1
  
  f7bb7ebb3667f4b748252529402f96df43b5de41
- SHA256
  
  9382b14d05294e88954bc799f7cbf86f98959c60ffa06f0e02dedad5d7230c49
- SHA512
  
  3697f029b9b6f36655d1f3ced5efdff3e855801d65eadf97ad686edd77898bb42b58f211ea21cd3c612e46778308998edbb4f748362704bfa97a3aa81cce9e77
- SSDEEP
  
  6144:ZU+m2xF9/rN4+QlMMzb4t9jNtfnMptCrqKYJV9x0YiqE1Kefq2PzFEWbItp38JV/:Z2IP0ct9LMp0rqKYtXTg/q2rFx6MJ
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2