gcleaner | e2f53a888380a25369efb53f2f286b6bb64a46012ce38dc24ba3699aeb6df169 | Triage

Sharing

General

Target

4ba3b170621efc2610c377d59afaa760_NeikiAnalytics.exe
Size

282KB
Sample

240522-2ce24abb71
MD5

4ba3b170621efc2610c377d59afaa760
SHA1

930acfab9086b964ac5a80a587d0ddfcecf94177
SHA256

e2f53a888380a25369efb53f2f286b6bb64a46012ce38dc24ba3699aeb6df169
SHA512

4ee082240f70079c41c0af78bbfc7c7a6cb0bdcb87514fb656e60c55a2f79cd0da2ff9dc43022416139c63f7ae948926602132628b88487dc80d42fcead4c4a9
SSDEEP

3072:crNw6+NQHMGq5+C4l4osSTZ60MwuBRv6tlu6tA8A/a9V0m6X0bw+lyiCR851pU7u:cr4Yc5+Nl3/Z4itljyIP0PNwyi3b

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Targets

- Target
  
  4ba3b170621efc2610c377d59afaa760_NeikiAnalytics.exe
- Size
  
  282KB
- MD5
  
  4ba3b170621efc2610c377d59afaa760
- SHA1
  
  930acfab9086b964ac5a80a587d0ddfcecf94177
- SHA256
  
  e2f53a888380a25369efb53f2f286b6bb64a46012ce38dc24ba3699aeb6df169
- SHA512
  
  4ee082240f70079c41c0af78bbfc7c7a6cb0bdcb87514fb656e60c55a2f79cd0da2ff9dc43022416139c63f7ae948926602132628b88487dc80d42fcead4c4a9
- SSDEEP
  
  3072:crNw6+NQHMGq5+C4l4osSTZ60MwuBRv6tlu6tA8A/a9V0m6X0bw+lyiCR851pU7u:cr4Yc5+Nl3/Z4itljyIP0PNwyi3b
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2