gcleaner | 08c7c21bbefe0fc62fbc5bf37f464e81574db7cd8ce10fbf4a7e045450abe5ef | Triage

Sharing

General

Target

b7e629285d8a3c38f22c9bad8dce0c30_NeikiAnalytics.exe
Size

320KB
Sample

240614-mf5plawgkd
MD5

b7e629285d8a3c38f22c9bad8dce0c30
SHA1

7408ee7b58c4c33be6d61a1bb94029e1380408d3
SHA256

08c7c21bbefe0fc62fbc5bf37f464e81574db7cd8ce10fbf4a7e045450abe5ef
SHA512

321ce08af7271cce1c29d3aea24ef53ee73d012421412f53120b9a823ee1cebbd998797d592fb4c8455299c0d640b7a0e2b9bcbb9bd56f73582f06b3f00eeb67
SSDEEP

3072:81hv0RLNdQ8nBLih5jBivt+dDM23jI/D9ZQ9V8MATs3637YNYtX7nIe54Mjw:8nULXQCBKYtahToQvmVU2tIMj

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  b7e629285d8a3c38f22c9bad8dce0c30_NeikiAnalytics.exe
- Size
  
  320KB
- MD5
  
  b7e629285d8a3c38f22c9bad8dce0c30
- SHA1
  
  7408ee7b58c4c33be6d61a1bb94029e1380408d3
- SHA256
  
  08c7c21bbefe0fc62fbc5bf37f464e81574db7cd8ce10fbf4a7e045450abe5ef
- SHA512
  
  321ce08af7271cce1c29d3aea24ef53ee73d012421412f53120b9a823ee1cebbd998797d592fb4c8455299c0d640b7a0e2b9bcbb9bd56f73582f06b3f00eeb67
- SSDEEP
  
  3072:81hv0RLNdQ8nBLih5jBivt+dDM23jI/D9ZQ9V8MATs3637YNYtX7nIe54Mjw:8nULXQCBKYtahToQvmVU2tIMj
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2