gcleaner | 3a2010afc7c66c95626684484a956d68e854b3e138498b66ceebe2c8bea74317 | Triage

Sharing

General

Target

3a2010afc7c66c95626684484a956d68e854b3e138498b66ceebe2c8bea74317_NeikiAnalytics
Size

249KB
Sample

240521-mx7khsag77
MD5

4fb25fd184f97b38e6a0516a03c312c5
SHA1

3d52c147cecc372f3f44798575b0a1bd4da99e2e
SHA256

3a2010afc7c66c95626684484a956d68e854b3e138498b66ceebe2c8bea74317
SHA512

9a6b5f22d3b8e52b78e548f11fed0188b2bd9e369d55da5119adbe3d4f61c6b643c47229d54c7e70da10e9d05dbedb66d205985e7064221d7404fd4618d02efb
SSDEEP

6144:hwwIV6F0/NV9iQw4Y8W8XBvo2mkSGHZ40:hwwIV6F0VuaY8WnhGHq0

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes

url_path
/advdlc.php

Targets

- Target
  
  3a2010afc7c66c95626684484a956d68e854b3e138498b66ceebe2c8bea74317_NeikiAnalytics
- Size
  
  249KB
- MD5
  
  4fb25fd184f97b38e6a0516a03c312c5
- SHA1
  
  3d52c147cecc372f3f44798575b0a1bd4da99e2e
- SHA256
  
  3a2010afc7c66c95626684484a956d68e854b3e138498b66ceebe2c8bea74317
- SHA512
  
  9a6b5f22d3b8e52b78e548f11fed0188b2bd9e369d55da5119adbe3d4f61c6b643c47229d54c7e70da10e9d05dbedb66d205985e7064221d7404fd4618d02efb
- SSDEEP
  
  6144:hwwIV6F0/NV9iQw4Y8W8XBvo2mkSGHZ40:hwwIV6F0VuaY8WnhGHq0
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2