gcleaner | 34f384a86860c3a97e6b95cc85434a4ca8e656892b42b48e7005d25d513c9ad2 | Triage

Submit
Reports

Overview

overview

Static

static

3

fb462b6cf7...18.exe

windows7-x64

fb462b6cf7...18.exe

windows10-2004-x64

Sharing

General

Target

fb462b6cf7c1fcdd426c5735fd430bd3_JaffaCakes118
Size

361KB
Sample

240419-12yp3ahf5v
MD5

fb462b6cf7c1fcdd426c5735fd430bd3
SHA1

01500889439c8124e12355d8194e32f56031f6c7
SHA256

34f384a86860c3a97e6b95cc85434a4ca8e656892b42b48e7005d25d513c9ad2
SHA512

77db1c93686deba6b4efd91badfd14abc14f4c0d0aabdbb500f2436d72188149c4b560417251497cdee00645b9d399bb441fbcfc1b28ab96e61a9bb565c4b52f
SSDEEP

6144:0rL0HS/AR187m4HpjgGp3cqbleEHKJnMYBZc9aNIanX59EPCm:0roHS/ARKaGpfldcLXaaX59Y

Score

10^/10

gcleaner onlylogger loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb462b6cf7c1fcdd426c5735fd430bd3_JaffaCakes118.exe

Resource

win7-20240221-en

gcleaner onlylogger loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb462b6cf7c1fcdd426c5735fd430bd3_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gcleaner onlylogger loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

- Target
  
  fb462b6cf7c1fcdd426c5735fd430bd3_JaffaCakes118
- Size
  
  361KB
- MD5
  
  fb462b6cf7c1fcdd426c5735fd430bd3
- SHA1
  
  01500889439c8124e12355d8194e32f56031f6c7
- SHA256
  
  34f384a86860c3a97e6b95cc85434a4ca8e656892b42b48e7005d25d513c9ad2
- SHA512
  
  77db1c93686deba6b4efd91badfd14abc14f4c0d0aabdbb500f2436d72188149c4b560417251497cdee00645b9d399bb441fbcfc1b28ab96e61a9bb565c4b52f
- SSDEEP
  
  6144:0rL0HS/AR187m4HpjgGp3cqbleEHKJnMYBZc9aNIanX59EPCm:0roHS/ARKaGpfldcLXaaX59Y
Score

10^/10

gcleaner onlylogger loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- OnlyLogger
  A tiny loader that uses IPLogger to get its payload.
  loader onlylogger
- OnlyLogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gcleaneronlyloggerloader

behavioral2

gcleaneronlyloggerloader

© 2018-2024

Terms | Privacy