General

  • Target

    21fce6c0f1dc6cdff5b4d18d59eec7b0_NeikiAnalytics

  • Size

    301KB

  • Sample

    240509-nf3exaeh2w

  • MD5

    21fce6c0f1dc6cdff5b4d18d59eec7b0

  • SHA1

    2fe05c133d9216ac68cf38e4a8f6caa588a105cc

  • SHA256

    de0f8c6bfa3a611ff1087431aef944537ea15cd8fba6555d6d377bace6207278

  • SHA512

    d33730334c2acaef06fc3a839808f2cc81b59341ce82bde49101ca8b4ce15e6150dab520c82c1dc2581a6bb49c8b19e0c496d746ed6ccb93729baeb42a8e23e5

  • SSDEEP

    6144:My91EEz4OoQJtv5zPof/KXNr+35q4ruMHx:MyoHgrJQyXNO9

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      21fce6c0f1dc6cdff5b4d18d59eec7b0_NeikiAnalytics

    • Size

      301KB

    • MD5

      21fce6c0f1dc6cdff5b4d18d59eec7b0

    • SHA1

      2fe05c133d9216ac68cf38e4a8f6caa588a105cc

    • SHA256

      de0f8c6bfa3a611ff1087431aef944537ea15cd8fba6555d6d377bace6207278

    • SHA512

      d33730334c2acaef06fc3a839808f2cc81b59341ce82bde49101ca8b4ce15e6150dab520c82c1dc2581a6bb49c8b19e0c496d746ed6ccb93729baeb42a8e23e5

    • SSDEEP

      6144:My91EEz4OoQJtv5zPof/KXNr+35q4ruMHx:MyoHgrJQyXNO9

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks