Extracted

• • Target

    JaffaCakes118_1f6f848957120d740d39b860f479e8b9

  • Size

    439KB

  • MD5

    1f6f848957120d740d39b860f479e8b9

  • SHA1

    8dbccfed0281d7fbb896b48cbc8ee739612bfab7

  • SHA256

    946bb6d961cc5cdd58e3772c695fcaf967a68fd83ed8b6bd43029f3fb90c69a0

  • SHA512

    23920af4b22bb89fc2265063fdd5d097be26fc28b78baac199d0b91424d58a7be3fc358518b0ba8ed871cc07bcb6034bec8e26716602ffb7bdbadcdafc127d8f

  • SSDEEP

    6144:oYO/gkYrO+hEaDW9FU6oHZxfQ9+GX/QIQq0qop+Lv7sBuzJWQs0d7:HDkYr9GOo8ZmoU/QIKqo+L8uzJP9d

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2