General
-
Target
ff4bac3b34630dfdf6f495bf8998c9e7_JaffaCakes118
-
Size
398KB
-
Sample
241219-la3sdaypcm
-
MD5
ff4bac3b34630dfdf6f495bf8998c9e7
-
SHA1
3a9457a39c51330928043492ac09e9683c9f90a0
-
SHA256
edee9e5dad08e72deb2ef9e5b872d9c4e84e90d1ed8a27a33300edc32d62d084
-
SHA512
4b91eeda2ee00428a40e4b1c29b1758ef9890a4298adf30185b37247646b1dc95f2e40b7f3c3f9c5570d490326fc72e6abfbfe82548cae2e757f2f7143c06ad9
-
SSDEEP
6144:/oYTiypE8Ykgfgc0CmYvg+k6zDMv1Sp0jUqDFxbqJL64WExOOhxxdeTr/ekI:bpYIpRAk6zDqSp0ZF6L6k1zxd6L
Malware Config
Extracted
gcleaner
gcl-page.biz
194.145.227.161
Targets
-
-
Target
ff4bac3b34630dfdf6f495bf8998c9e7_JaffaCakes118
-
Size
398KB
-
MD5
ff4bac3b34630dfdf6f495bf8998c9e7
-
SHA1
3a9457a39c51330928043492ac09e9683c9f90a0
-
SHA256
edee9e5dad08e72deb2ef9e5b872d9c4e84e90d1ed8a27a33300edc32d62d084
-
SHA512
4b91eeda2ee00428a40e4b1c29b1758ef9890a4298adf30185b37247646b1dc95f2e40b7f3c3f9c5570d490326fc72e6abfbfe82548cae2e757f2f7143c06ad9
-
SSDEEP
6144:/oYTiypE8Ykgfgc0CmYvg+k6zDMv1Sp0jUqDFxbqJL64WExOOhxxdeTr/ekI:bpYIpRAk6zDqSp0ZF6L6k1zxd6L
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-