Extracted

• • Target

    9e03c3d15e441a6973948ecc552f7e38a013827782458f10b7bc78c11532a6d9.exe

  • Size

    431KB

  • MD5

    89d3e2b5bec6b8da8fc326719ead4f4d

  • SHA1

    daae4c3523ccadd14a15ed489142131a53da0940

  • SHA256

    9e03c3d15e441a6973948ecc552f7e38a013827782458f10b7bc78c11532a6d9

  • SHA512

    cc49ebb4731c0d4fada38fef76410e6bf484fd48bde3922d1fe95917451bf907de0fe5230d6ec6ff84a4baacdf3f1a653d8cef1ca371763bbd3c636c5f4834ff

  • SSDEEP

    12288:6aBNfc0nKmROQCOkj7+fLdumr9miXhDjZ1E:Rj0MxRlC765umpth4

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2