Extracted

• • Target

    JaffaCakes118_604207f9f6117156bf684c55d4d46000

  • Size

    401KB

  • MD5

    604207f9f6117156bf684c55d4d46000

  • SHA1

    eb769dff8dad891e5162d9dc1c0b41311ad4e6cf

  • SHA256

    71f9fb88517309d647dd7193cabedffcdadf4a06de61494105bca5ad2641fd65

  • SHA512

    5e2608468dc7bc2f19654791aa313c6211549794d847d4db19ee188b9c0c7b046d0a70cd2e501c2a590a7a8b6922803f6c361140eafacf982d59315913e556c8

  • SSDEEP

    6144:SIAvu3x1GEVMtDURIvEk3GaXBBQfAO0ITVY75z4XShqe+nPr1lj:SIUu3XZVMtDBvXhkVRTVYlznqe+Pr1

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2