Extracted

• • Target

    ccf66bd00babb14dfcbf7d1f13625c94_JaffaCakes118

  • Size

    356KB

  • MD5

    ccf66bd00babb14dfcbf7d1f13625c94

  • SHA1

    2a4c6e9245c473bc18f3dabcacbf59a9588f7ebd

  • SHA256

    bb5d78931ceb7836f22fe7f18d5a75d6a6fb6bd4fa5698b6dbc8758c0d6724f3

  • SHA512

    79db965b9995f327457d9de5ee37fe0ec656610e395c9b8f5541928e479c4932b937998cecc613bc10e5e36cbf89c7408b5e31a92f10cad989cbacd5d49ab830

  • SSDEEP

    6144:uvVJBGUIyAZCup0M8PTBnBK3lCnlAgIhqeyoV7NBaz4k7xO21DON:udPLIyA5p25BOlum/Yey+BBCxO6ON

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2