Extracted

• • Target

    JaffaCakes118_0fff3a233688f29baba586bed98eb460

  • Size

    362KB

  • MD5

    0fff3a233688f29baba586bed98eb460

  • SHA1

    c5e498a2374431dc283703a4e6dd998925b52043

  • SHA256

    24947721f59a0ce3e171f32a33182005a857a2a67c78a28f6303a5d56b3fef58

  • SHA512

    bedf9b550407ab16e8c98eee364a550c2983e89801fface509522700ea18139274105ef4d2e8621815d3961d4fdbbeab635473163b924694e12bccc42f2b45bc

  • SSDEEP

    6144:WtlntEqzHQW23MMYL6Fhnw3AxR7DWv+nIG37wLebuIADG8el:WjntEhW23MMHF8uRvXoxD

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2