Extracted

• • Target

    JaffaCakes118_824846740481f400d9759e7f4694d869

  • Size

    431KB

  • MD5

    824846740481f400d9759e7f4694d869

  • SHA1

    a4ed2d684bb544929a4318d7883419cd7bcd1632

  • SHA256

    95d29ef06b4fd4e882b341fb142b880179e79d20f643fcf8c9d8e15693be1833

  • SHA512

    b4e1a815ba7096d8f40b493fa678eba3a1f4754aed5f2d35edb549f20162d4b2003e88868d38fa017bea31dc927bc7bf2f0ab9fa6338dbaec7e1cbff61b0d783

  • SSDEEP

    12288:6aBNfc0nKmROQCOkj7+fLdumr9miXhDjZ1:Rj0MxRlC765umpth

  Score

  10^/10

  gcleaneronlyloggerdiscoveryloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • OnlyLogger

    A tiny loader that uses IPLogger to get its payload.

    loaderonlylogger

  • Onlylogger family

    onlylogger

  • OnlyLogger payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2