gcleaner

General

Target

JaffaCakes118_d8e69e65eefc5b003caf51dcc157647d
Size

390KB
Sample

250110-c9ys2a1rdm
MD5

d8e69e65eefc5b003caf51dcc157647d
SHA1

2874519b8716f29bbb024ad7cd5d9c6dd7f9cbfe
SHA256

f32d44862384367401e6c557229cdb1503f2459d81fcaf7ed071ad6a74b80012
SHA512

2b4309d0cfa9ce4e67ebe1531f3ea35cfd21e55e3ae594bd33b707beae844fdfef82bb5fc8421daf5cc80cec336158f2ffa261476606d1155ffa700264b1b24d
SSDEEP

12288:YhvGvuuooNGbcsByIo5arCvwZGEX8cA0/M:YkvuuVDmyIoYr9sEv

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

ppp-gl.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_d8e69e65eefc5b003caf51dcc157647d
- Size
  
  390KB
- MD5
  
  d8e69e65eefc5b003caf51dcc157647d
- SHA1
  
  2874519b8716f29bbb024ad7cd5d9c6dd7f9cbfe
- SHA256
  
  f32d44862384367401e6c557229cdb1503f2459d81fcaf7ed071ad6a74b80012
- SHA512
  
  2b4309d0cfa9ce4e67ebe1531f3ea35cfd21e55e3ae594bd33b707beae844fdfef82bb5fc8421daf5cc80cec336158f2ffa261476606d1155ffa700264b1b24d
- SSDEEP
  
  12288:YhvGvuuooNGbcsByIo5arCvwZGEX8cA0/M:YkvuuVDmyIoYr9sEv
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2