General
-
Target
JaffaCakes118_561a8be32d127d240913bf8f7bf45aba
-
Size
444KB
-
Sample
250107-jjpwrssrfp
-
MD5
561a8be32d127d240913bf8f7bf45aba
-
SHA1
6e8a5656a52176b39a1e0370514cfdfeddbc6910
-
SHA256
7b5d5d1ce731da4dad7785b72aa7f24a62b2a9cb202c824ca6d3aeb8492d7aab
-
SHA512
bcbc8d87ba9360ef24be67ba18156a3ae209fd01d1315c6d43473720601bed544200850d886e76b0f53d4270dabc7149c5d5ba21d8b9ed7024998b20dbfffbf3
-
SSDEEP
12288:blvgaJnWq36kMw03CPctkuGhAjeZMYJgiIUa:bnJWq36kMTffjUMYmn
Malware Config
Extracted
gcleaner
gcl-gb.biz
45.9.20.13
Targets
-
-
Target
JaffaCakes118_561a8be32d127d240913bf8f7bf45aba
-
Size
444KB
-
MD5
561a8be32d127d240913bf8f7bf45aba
-
SHA1
6e8a5656a52176b39a1e0370514cfdfeddbc6910
-
SHA256
7b5d5d1ce731da4dad7785b72aa7f24a62b2a9cb202c824ca6d3aeb8492d7aab
-
SHA512
bcbc8d87ba9360ef24be67ba18156a3ae209fd01d1315c6d43473720601bed544200850d886e76b0f53d4270dabc7149c5d5ba21d8b9ed7024998b20dbfffbf3
-
SSDEEP
12288:blvgaJnWq36kMw03CPctkuGhAjeZMYJgiIUa:bnJWq36kMTffjUMYmn
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-