gcleaner | 35a4bc4b2f81c2e4ddeb9655e4d8141649bb5ab42a7014d46bea72fe9e61ab78 | Triage

Sharing

General

Target

35a4bc4b2f81c2e4ddeb9655e4d8141649bb5ab42a7014d46bea72fe9e61ab78_NeikiAnalytics
Size

279KB
Sample

240521-men1fsaa4y
MD5

4d0d9540d30d01d99421c519ccfd794a
SHA1

294ee86e7e75c69e6591ac83c357a5749e0c62c7
SHA256

35a4bc4b2f81c2e4ddeb9655e4d8141649bb5ab42a7014d46bea72fe9e61ab78
SHA512

593fc9ba5c64249677d7ab05d19881cf82f4c84976fd9b6a7ea10278076c3e111c0af528dbfde7d74843ee4c919616f9aa59c01ccd3a98c5df746906af5cfc9b
SSDEEP

3072:NM6/bHxVX56fXJEn3a83qHC29tJdafy5zM3rNVzicU65y9qkfK5yyNT2M/:NM6L56fZEn3aVC2NdQy5Y3rDX3kRm

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Targets

- Target
  
  35a4bc4b2f81c2e4ddeb9655e4d8141649bb5ab42a7014d46bea72fe9e61ab78_NeikiAnalytics
- Size
  
  279KB
- MD5
  
  4d0d9540d30d01d99421c519ccfd794a
- SHA1
  
  294ee86e7e75c69e6591ac83c357a5749e0c62c7
- SHA256
  
  35a4bc4b2f81c2e4ddeb9655e4d8141649bb5ab42a7014d46bea72fe9e61ab78
- SHA512
  
  593fc9ba5c64249677d7ab05d19881cf82f4c84976fd9b6a7ea10278076c3e111c0af528dbfde7d74843ee4c919616f9aa59c01ccd3a98c5df746906af5cfc9b
- SSDEEP
  
  3072:NM6/bHxVX56fXJEn3a83qHC29tJdafy5zM3rNVzicU65y9qkfK5yyNT2M/:NM6L56fZEn3aVC2NdQy5Y3rDX3kRm
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2