gcleaner | 460c90355be14c87cb0c65165a87a4d0f75299ce65f6ef9c61620b6b0c134de3 | Triage

Sharing

General

Target

4c4c3688896d1715b543120f8287d1a0_NeikiAnalytics.exe
Size

367KB
Sample

240618-qyc9vawbpg
MD5

4c4c3688896d1715b543120f8287d1a0
SHA1

366a8bab98b846b7ea15d270104b875cf8da1b56
SHA256

460c90355be14c87cb0c65165a87a4d0f75299ce65f6ef9c61620b6b0c134de3
SHA512

d42a96945275c6e01e2731b9f92c517105958880ff1b90654fa25cae5e30138534a21b0e14a0948a72149f61a556c5731500d5075742961cdc6e16d4a7321259
SSDEEP

6144:tgV3I6mI4Owcitu68nLr/eG7YdtacTqIOu4TT:CV3cI4/cT6uLr2cYdr2//

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

- Target
  
  4c4c3688896d1715b543120f8287d1a0_NeikiAnalytics.exe
- Size
  
  367KB
- MD5
  
  4c4c3688896d1715b543120f8287d1a0
- SHA1
  
  366a8bab98b846b7ea15d270104b875cf8da1b56
- SHA256
  
  460c90355be14c87cb0c65165a87a4d0f75299ce65f6ef9c61620b6b0c134de3
- SHA512
  
  d42a96945275c6e01e2731b9f92c517105958880ff1b90654fa25cae5e30138534a21b0e14a0948a72149f61a556c5731500d5075742961cdc6e16d4a7321259
- SSDEEP
  
  6144:tgV3I6mI4Owcitu68nLr/eG7YdtacTqIOu4TT:CV3cI4/cT6uLr2cYdr2//
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2