Extracted

• • Target

    JaffaCakes118_2ea682eee8468fdee8f1361934625225

  • Size

    433KB

  • MD5

    2ea682eee8468fdee8f1361934625225

  • SHA1

    264c0d6f5722df8f4480ffd14a89ea8a982bfe3e

  • SHA256

    a8a39400f62a9033bc9c447cca7c5b69a66555fbfe5913a5d773503d9f1cad9b

  • SHA512

    d17b8c12b52b970b0295339b8348820743f4729adbd8101b06dbd307b307ecb550778d22a88393cccf2a8e36f822af1319a050ff8c8ba4042a2cd765bb1cfdc4

  • SSDEEP

    12288:vbRN4YywAwR2TlHAqNiw18kPKlGR0zp4U:v9N4/wR2hDekPcGR8

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2