Extracted

• • Target

    a75e90dafe1c1654c511fa5d01f5092a1bb3880b7b210689a910035425918f66.exe

  • Size

    434KB

  • MD5

    1a29a0877e8cf4f655f11082d0298dc9

  • SHA1

    f83aa10e5dd0600228c7ecd3e787e1dc1e24a5f1

  • SHA256

    a75e90dafe1c1654c511fa5d01f5092a1bb3880b7b210689a910035425918f66

  • SHA512

    3033bb7391371acc0f54a7b7dc72954f1a5caea4d55ed3a5f04807c8cca2193301f9581bf39c846afa1b81106025dcdbc84df67c37f2868bd4cd2669cfa582c7

  • SSDEEP

    12288:GeSy7hLlys4W40FVHGZyrqXNqvgWw1Y90fuzOj:GkpMs4WnFQgNwC90G6j

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2