gcleaner

General

Target

JaffaCakes118_e3e50e67b391094d20138fc23069801c
Size

443KB
Sample

250110-pbznwswmbq
MD5

e3e50e67b391094d20138fc23069801c
SHA1

782e6eafef71417c8a23af5c71722befeda4765f
SHA256

d3ae130dbe49ef7c5b9a8cca96fc259b37439690fece2c8b78978ac1c3e9218a
SHA512

d80b283f7cfaef4d2292c9fd4c3fea3225bf944c84fd705da4a6d721836c6740b1fd9cfeacefc908983184be3d83ddf149398380baa0147923559890522e75ce
SSDEEP

12288:Lt+zkr+f7tVq8FHxw2xwDVCnd+wzQOFt:LgI6fxVq8PWDAndRXn

Score

10^/10

Malware Config

Extracted

Family

gcleaner

C2

gcl-gb.biz

45.9.20.13

Targets

- Target
  
  JaffaCakes118_e3e50e67b391094d20138fc23069801c
- Size
  
  443KB
- MD5
  
  e3e50e67b391094d20138fc23069801c
- SHA1
  
  782e6eafef71417c8a23af5c71722befeda4765f
- SHA256
  
  d3ae130dbe49ef7c5b9a8cca96fc259b37439690fece2c8b78978ac1c3e9218a
- SHA512
  
  d80b283f7cfaef4d2292c9fd4c3fea3225bf944c84fd705da4a6d721836c6740b1fd9cfeacefc908983184be3d83ddf149398380baa0147923559890522e75ce
- SSDEEP
  
  12288:Lt+zkr+f7tVq8FHxw2xwDVCnd+wzQOFt:LgI6fxVq8PWDAndRXn
Score

10^/10

gcleaner onlylogger discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- Onlylogger family
  onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gcleaner family

OnlyLogger

Onlylogger family

OnlyLogger payload

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2