General
-
Target
JaffaCakes118_d354116e0df4c415e8d9de5a80ed61bc
-
Size
248KB
-
Sample
250109-1v9hzssmcs
-
MD5
d354116e0df4c415e8d9de5a80ed61bc
-
SHA1
4999f52569672041dfa90b48bc200e42e419c57d
-
SHA256
7da8151aae38faa10b8f20bb012b4c3a403f0624c1c9600f42aea2f29bdcbc42
-
SHA512
0341042ffd11a661bebd7a0b036201d9095924640b67e3e246de0c87fdc1191c702010a531ae67a293fd9ff2731ce055bfe8e8045308a773149dece5c627e0ed
-
SSDEEP
3072:bnF7ClEjclOvBeC7a7/J75PtAnyahl3Xbt+3vKimjdu0FniB0QyFO8iHWw6mP553:bThX7o/JXuyCp2vKimjUIiBSeWwPD
Malware Config
Extracted
gcleaner
194.145.227.161
Targets
-
-
Target
JaffaCakes118_d354116e0df4c415e8d9de5a80ed61bc
-
Size
248KB
-
MD5
d354116e0df4c415e8d9de5a80ed61bc
-
SHA1
4999f52569672041dfa90b48bc200e42e419c57d
-
SHA256
7da8151aae38faa10b8f20bb012b4c3a403f0624c1c9600f42aea2f29bdcbc42
-
SHA512
0341042ffd11a661bebd7a0b036201d9095924640b67e3e246de0c87fdc1191c702010a531ae67a293fd9ff2731ce055bfe8e8045308a773149dece5c627e0ed
-
SSDEEP
3072:bnF7ClEjclOvBeC7a7/J75PtAnyahl3Xbt+3vKimjdu0FniB0QyFO8iHWw6mP553:bThX7o/JXuyCp2vKimjUIiBSeWwPD
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-