Extracted

• • Target

    c68a2d519387d3687404d3788bfb6bfb797883ab4c05e05e38eeea952d07f323.exe

  • Size

    444KB

  • MD5

    615052f6e47e830139e84b6a637b4cc9

  • SHA1

    a97cc8ea643bd704232556bf617aade1deab8269

  • SHA256

    c68a2d519387d3687404d3788bfb6bfb797883ab4c05e05e38eeea952d07f323

  • SHA512

    44a9334e917cb59eb22f7969c49944c9554c90da8e79146745d237af9a38a693d00c0dafa6a5bdb4723b2977f50757949f1eaef1f8067c65ae97e4db65734fb3

  • SSDEEP

    12288:efdgTBtlvcWmxZ1S9nTQD6erx3fuwBdCnkNTDevWhj:eFg9tcXS9cxPuJnkZDB

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2