Extracted

• • Target

    77f4bbe1f7bd124fcb15c3416d1e8fcf_JaffaCakes118

  • Size

    338KB

  • MD5

    77f4bbe1f7bd124fcb15c3416d1e8fcf

  • SHA1

    ef9a68db31683da6c4ea0dadebcb48d7817da578

  • SHA256

    1ea473c1d73b6772f66dd62e82257db13335ff45f94f1bedc024f6e99778abea

  • SHA512

    4a87c1cd1423c1e7454d07d9ed13212beb165bcfd9107fc79783fe1e6ae33058b8bc4dbbfe20cbd4dff822dcd395b6b85d57c86b9e2cd286118c1b825f0bfb65

  • SSDEEP

    6144:FdUL9iYuNEpiCOEig7wD+ZJyAucxI6D4Q1c4KDV3N/9n6QipcoGg7dg:FKpbuezqg7YMHucxI6ONDVJ2m47

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2