General

  • Target

    fb462b6cf7c1fcdd426c5735fd430bd3_JaffaCakes118

  • Size

    361KB

  • Sample

    240419-12yp3ahf5v

  • MD5

    fb462b6cf7c1fcdd426c5735fd430bd3

  • SHA1

    01500889439c8124e12355d8194e32f56031f6c7

  • SHA256

    34f384a86860c3a97e6b95cc85434a4ca8e656892b42b48e7005d25d513c9ad2

  • SHA512

    77db1c93686deba6b4efd91badfd14abc14f4c0d0aabdbb500f2436d72188149c4b560417251497cdee00645b9d399bb441fbcfc1b28ab96e61a9bb565c4b52f

  • SSDEEP

    6144:0rL0HS/AR187m4HpjgGp3cqbleEHKJnMYBZc9aNIanX59EPCm:0roHS/ARKaGpfldcLXaaX59Y

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

    • OnlyLogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks
