gcleaner

General

Target

JaffaCakes118_6a52bc5eb7167b1b9388750a87a37459
Size

444KB
Sample

250107-spjrdaykhk
MD5

6a52bc5eb7167b1b9388750a87a37459
SHA1

08eee7cd20b0bb9d1097357a8bcc877be72c6010
SHA256

29fc9e60d4b92944739c3cef4ad4bb781d4ef4549c1f49a2d33e940bd0f6c62d
SHA512

e3155809ded9a013f7388650a0be5cd2a02d5286287fadaf541aea89926cef68ec0167dd6bdb28634c098c91b7bab3908960ff4eef6efd8b97508f955d05c376
SSDEEP

12288:efdgTBtlvcWmxZ1S9nTQD6erx3fuwBdCnkNTDevWh:eFg9tcXS9cxPuJnkZD

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_6a52bc5eb7167b1b9388750a87a37459
- Size
  
  444KB
- MD5
  
  6a52bc5eb7167b1b9388750a87a37459
- SHA1
  
  08eee7cd20b0bb9d1097357a8bcc877be72c6010
- SHA256
  
  29fc9e60d4b92944739c3cef4ad4bb781d4ef4549c1f49a2d33e940bd0f6c62d
- SHA512
  
  e3155809ded9a013f7388650a0be5cd2a02d5286287fadaf541aea89926cef68ec0167dd6bdb28634c098c91b7bab3908960ff4eef6efd8b97508f955d05c376
- SSDEEP
  
  12288:efdgTBtlvcWmxZ1S9nTQD6erx3fuwBdCnkNTDevWh:eFg9tcXS9cxPuJnkZD
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2