gcleaner | 9a885368e7703275d075baa8965c688930596c48b8cf631ebea41bef46769553 | Triage

Sharing

General

Target

7f28bc770db4244397e69028858a91e0_NeikiAnalytics.exe
Size

275KB
Sample

240523-dmrlwabf8v
MD5

7f28bc770db4244397e69028858a91e0
SHA1

5885bbb8da07124c40c4639720921899edb8878f
SHA256

9a885368e7703275d075baa8965c688930596c48b8cf631ebea41bef46769553
SHA512

7f0c631175689962f1b08835cf87d56b496b91c4bceddac3439b7dfaf7366cc99cbce3dbdd5476e3ff4e8d2f99d0c56a21678c820cc9094e673e50e7132094d0
SSDEEP

3072:uLjZPZpe/AWfEga/8jgGX9dnChYAxMrfZECD13yfO1vPylrjstR/Gc5hlAuWr:u5PZwO/8j5tpChdxMzmCdlylPstRfAR

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  7f28bc770db4244397e69028858a91e0_NeikiAnalytics.exe
- Size
  
  275KB
- MD5
  
  7f28bc770db4244397e69028858a91e0
- SHA1
  
  5885bbb8da07124c40c4639720921899edb8878f
- SHA256
  
  9a885368e7703275d075baa8965c688930596c48b8cf631ebea41bef46769553
- SHA512
  
  7f0c631175689962f1b08835cf87d56b496b91c4bceddac3439b7dfaf7366cc99cbce3dbdd5476e3ff4e8d2f99d0c56a21678c820cc9094e673e50e7132094d0
- SSDEEP
  
  3072:uLjZPZpe/AWfEga/8jgGX9dnChYAxMrfZECD13yfO1vPylrjstR/Gc5hlAuWr:u5PZwO/8j5tpChdxMzmCdlylPstRfAR
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2