Extracted

• • Target

    JaffaCakes118_618b9c37470513652fcee22a118b31bd

  • Size

    444KB

  • MD5

    618b9c37470513652fcee22a118b31bd

  • SHA1

    db1ef92f18adcdbdb7a7e41a3942b7bd47adac3d

  • SHA256

    431da2bfead5da6bfa24bf8ecd9a43863ff06f0ea5cf76f330d7359ade0b23b6

  • SHA512

    25ca82f50c2df6fa23c588f0e1e5f98ceb85463f41729ce029b44ed46eeeb7057cfbe2ee38246fc5b9f4d4604dab55ea3dc2553c42195747fb55ea9db9632ab2

  • SSDEEP

    12288:jydTPaHeEs1JnOWYHU5YxA78uAtd44m1UDajcKaq:jOTPaHeE8OWXIuj4m2Dcaq

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2