Extracted

• • Target

    1d818366c5492865f1b19fe56f804aa994f13ea8ccc5896518e3ef275dcba100.exe

  • Size

    444KB

  • MD5

    0c00f89b8e87f3677c63957f73fa04c6

  • SHA1

    e6fe715ad8bbec891a148f8b3dc15ac36e015dfb

  • SHA256

    1d818366c5492865f1b19fe56f804aa994f13ea8ccc5896518e3ef275dcba100

  • SHA512

    d9bee8b7185271c7a8db4de6acf364a59b66fd5f2892a4dc358ca61f1da88dfbbb3d97d5e528c2aca17fcff37990f75d76c1ab72f68bc13499ecdf888f460fd4

  • SSDEEP

    12288:jydTPaHeEs1JnOWYHU5YxA78uAtd44m1UDajcKaqX:jOTPaHeE8OWXIuj4m2DcaqX

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2