Extracted

• • Target

    JaffaCakes118_bf8a7c8ceb663636e27bc88969e07254

  • Size

    437KB

  • MD5

    bf8a7c8ceb663636e27bc88969e07254

  • SHA1

    4333219aec36dc042c77506dc3d55523315202b8

  • SHA256

    47075f43ae57e74e2c85e4504cd25df4ad290f22da7b7dfd110dcac8f10bf38d

  • SHA512

    96ddd6640a34df5a0ae91c81f94e78e4ab2b42e35c4b7b299ccc5c157711c18140ef9419d2c364584fd11af51c606a141264e6b4ecf1410423e22cc89ec128dc

  • SSDEEP

    6144:YcTpByzxSPvAhDzaHaqePi2ER7xy1MJKuU9uB55LxNtIOp4O+/c6xJ0:/TitUAdI3egy1bV0tF14O+06xS

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2