gcleaner | f528784611800a1021963abb33a7f62948540dbb3990b5f250df6f096db736d7 | Triage

Sharing

General

Target

7f490601c09215a7c268f566b61cbcf0_NeikiAnalytics.exe
Size

335KB
Sample

240619-d5nypstajg
MD5

7f490601c09215a7c268f566b61cbcf0
SHA1

aaf9b38e18ba842b714cc73a05dd546d4e9627dc
SHA256

f528784611800a1021963abb33a7f62948540dbb3990b5f250df6f096db736d7
SHA512

b4bf903aa605961b2fecf33008ceaac77d993cfc2a817eadf22bdc645eb5701ebfaa0e7c3421b46486317f9c5daf612c60aa9e1961f25b639dc77736f612fa3d
SSDEEP

6144:PsV8BdCCa6sAiVBeGZhhWzEkcxgdlwzy/NCCrIOu4TT:EV8CCasq9ncIkcCQzTCr//

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  7f490601c09215a7c268f566b61cbcf0_NeikiAnalytics.exe
- Size
  
  335KB
- MD5
  
  7f490601c09215a7c268f566b61cbcf0
- SHA1
  
  aaf9b38e18ba842b714cc73a05dd546d4e9627dc
- SHA256
  
  f528784611800a1021963abb33a7f62948540dbb3990b5f250df6f096db736d7
- SHA512
  
  b4bf903aa605961b2fecf33008ceaac77d993cfc2a817eadf22bdc645eb5701ebfaa0e7c3421b46486317f9c5daf612c60aa9e1961f25b639dc77736f612fa3d
- SSDEEP
  
  6144:PsV8BdCCa6sAiVBeGZhhWzEkcxgdlwzy/NCCrIOu4TT:EV8CCasq9ncIkcCQzTCr//
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2