gcleaner

General

Target

JaffaCakes118_44a20c6259effbc4f8d19d3b9ad9e79e
Size

444KB
Sample

250107-bewjrawqdv
MD5

44a20c6259effbc4f8d19d3b9ad9e79e
SHA1

170ad5ae18a3080f27ca66bae3cb5eaf4125e4d1
SHA256

8df85de69eca57ba12d2044e751c655cef674fb84b9a78d0c3f48c7d71285eef
SHA512

996009c1ca9ef758f0529645962c83b6ca9f603edf7fc43d7dcb844cc3698e67b82629f705c592714f297def233cdef73ffa7a94342d542a25ab4bc6bc645c8b
SSDEEP

6144:AP4wNuvLiiCuTp96R6NIDCClmktNrKoHTR3RgBWSyj3L8cBzquus/fqQ3hQ/:AwUbvcr6wODCItNLthgWdj3L8Iks/SQ

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_44a20c6259effbc4f8d19d3b9ad9e79e
- Size
  
  444KB
- MD5
  
  44a20c6259effbc4f8d19d3b9ad9e79e
- SHA1
  
  170ad5ae18a3080f27ca66bae3cb5eaf4125e4d1
- SHA256
  
  8df85de69eca57ba12d2044e751c655cef674fb84b9a78d0c3f48c7d71285eef
- SHA512
  
  996009c1ca9ef758f0529645962c83b6ca9f603edf7fc43d7dcb844cc3698e67b82629f705c592714f297def233cdef73ffa7a94342d542a25ab4bc6bc645c8b
- SSDEEP
  
  6144:AP4wNuvLiiCuTp96R6NIDCClmktNrKoHTR3RgBWSyj3L8cBzquus/fqQ3hQ/:AwUbvcr6wODCItNLthgWdj3L8Iks/SQ
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2