gcleaner

General

Target

JaffaCakes118_cb8ebd25f8838510e3e65ff24e988f86
Size

409KB
Sample

250109-srrj1avpdk
MD5

cb8ebd25f8838510e3e65ff24e988f86
SHA1

a87c09ccbf33ac48b4d3d5ed6838bf5ec31074bd
SHA256

86eea5405b09a3100a40691d3e2ad7b1d4f7a9f0796e14b8ecc5c381bc80d3ca
SHA512

bcc256faf2c2b50b6d5b44a03129c9612e9aaf981aaf1abc3009ca30ba27a9936cf84ccdaa70ed2835204505d7c79ed4ba103f0c579c922d48cd01e96f9a28a4
SSDEEP

12288:257Jh9ckVKXJnSWxrDyJUw0omE7YJacfB:2571wJnSWxrDyJtmHJ

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ppp-gl.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_cb8ebd25f8838510e3e65ff24e988f86
- Size
  
  409KB
- MD5
  
  cb8ebd25f8838510e3e65ff24e988f86
- SHA1
  
  a87c09ccbf33ac48b4d3d5ed6838bf5ec31074bd
- SHA256
  
  86eea5405b09a3100a40691d3e2ad7b1d4f7a9f0796e14b8ecc5c381bc80d3ca
- SHA512
  
  bcc256faf2c2b50b6d5b44a03129c9612e9aaf981aaf1abc3009ca30ba27a9936cf84ccdaa70ed2835204505d7c79ed4ba103f0c579c922d48cd01e96f9a28a4
- SSDEEP
  
  12288:257Jh9ckVKXJnSWxrDyJUw0omE7YJacfB:2571wJnSWxrDyJtmHJ
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2