gcleaner

General

Target

JaffaCakes118_3044c8b2cebe82faf81138a2471b62ef
Size

434KB
Sample

250106-vvjdxavjar
MD5

3044c8b2cebe82faf81138a2471b62ef
SHA1

a4358ade6e71e1a155fdec5a1bbdb72af73b2851
SHA256

33125c43c57501269f3f99dcfb7881b2a173b93b326c6d1c426a9701c5d93fdb
SHA512

b324b0b001f5f8ccd0193cb8fe60571aafd5cce66ef6dcd308329249b95370cb487f89109a2114dd491e4a6a1e444e3b6058248250b329b9655c2a870f3307cb
SSDEEP

6144:pMAkZA40pwdwpUL+0lcUEPC2RSGxNeNoxD9LJwJgwuRD7pudbXUvkfd+etH83:pX9bBpU9MK25yNyZdXw2D7paEvS8

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_3044c8b2cebe82faf81138a2471b62ef
- Size
  
  434KB
- MD5
  
  3044c8b2cebe82faf81138a2471b62ef
- SHA1
  
  a4358ade6e71e1a155fdec5a1bbdb72af73b2851
- SHA256
  
  33125c43c57501269f3f99dcfb7881b2a173b93b326c6d1c426a9701c5d93fdb
- SHA512
  
  b324b0b001f5f8ccd0193cb8fe60571aafd5cce66ef6dcd308329249b95370cb487f89109a2114dd491e4a6a1e444e3b6058248250b329b9655c2a870f3307cb
- SSDEEP
  
  6144:pMAkZA40pwdwpUL+0lcUEPC2RSGxNeNoxD9LJwJgwuRD7pudbXUvkfd+etH83:pX9bBpU9MK25yNyZdXw2D7paEvS8
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2