General

  • Target: 4ba3b170621efc2610c377d59afaa760_NeikiAnalytics.exe
  • Size: 282KB
  • Sample: 240522-2ce24abb71
  • MD5: 4ba3b170621efc2610c377d59afaa760
  • SHA1: 930acfab9086b964ac5a80a587d0ddfcecf94177
  • SHA256: e2f53a888380a25369efb53f2f286b6bb64a46012ce38dc24ba3699aeb6df169
  • SHA512: 4ee082240f70079c41c0af78bbfc7c7a6cb0bdcb87514fb656e60c55a2f79cd0da2ff9dc43022416139c63f7ae948926602132628b88487dc80d42fcead4c4a9
  • SSDEEP: 3072:crNw6+NQHMGq5+C4l4osSTZ60MwuBRv6tlu6tA8A/a9V0m6X0bw+lyiCR851pU7u:cr4Yc5+Nl3/Z4itljyIP0PNwyi3b

Score: 10/10

Malware Config

Extracted

Family: gcleaner

C2:
  185.172.128.90
  5.42.64.56
  5.42.65.64

Targets

    • Target: 4ba3b170621efc2610c377d59afaa760_NeikiAnalytics.exe (282KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
    • Score: 10/10
    • GCleaner: GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Discovery
  • Query Registry (1): T1012
  • System Information Discovery (2): T1082

Tasks