gcleaner

General

Target

JaffaCakes118_1f6f848957120d740d39b860f479e8b9
Size

439KB
Sample

250106-mzg3msvkcz
MD5

1f6f848957120d740d39b860f479e8b9
SHA1

8dbccfed0281d7fbb896b48cbc8ee739612bfab7
SHA256

946bb6d961cc5cdd58e3772c695fcaf967a68fd83ed8b6bd43029f3fb90c69a0
SHA512

23920af4b22bb89fc2265063fdd5d097be26fc28b78baac199d0b91424d58a7be3fc358518b0ba8ed871cc07bcb6034bec8e26716602ffb7bdbadcdafc127d8f
SSDEEP

6144:oYO/gkYrO+hEaDW9FU6oHZxfQ9+GX/QIQq0qop+Lv7sBuzJWQs0d7:HDkYr9GOo8ZmoU/QIKqo+L8uzJP9d

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ggg-cl.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_1f6f848957120d740d39b860f479e8b9
- Size
  
  439KB
- MD5
  
  1f6f848957120d740d39b860f479e8b9
- SHA1
  
  8dbccfed0281d7fbb896b48cbc8ee739612bfab7
- SHA256
  
  946bb6d961cc5cdd58e3772c695fcaf967a68fd83ed8b6bd43029f3fb90c69a0
- SHA512
  
  23920af4b22bb89fc2265063fdd5d097be26fc28b78baac199d0b91424d58a7be3fc358518b0ba8ed871cc07bcb6034bec8e26716602ffb7bdbadcdafc127d8f
- SSDEEP
  
  6144:oYO/gkYrO+hEaDW9FU6oHZxfQ9+GX/QIQq0qop+Lv7sBuzJWQs0d7:HDkYr9GOo8ZmoU/QIKqo+L8uzJP9d
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2