General
-
Target
b0fa0bcc108148f84570ef680e20b730_NeikiAnalytics.exe
-
Size
338KB
-
Sample
240619-lk12jaxhng
-
MD5
b0fa0bcc108148f84570ef680e20b730
-
SHA1
171b26b28af0a05e94313fb0caa8c4d242fea03f
-
SHA256
f0bdefc179d3e24922f06558998fcff5a986835f64c320ae37121f953e2f7c90
-
SHA512
4fd5b196aeb5c0a3485272e1464c7031ba52aded67b2c5232f88bd626e812ccf2e70609f3a2d74ffc522f478ae46d004216b10fb5a73f5d54c89a18e8a3f95f5
-
SSDEEP
3072:6VRsT4sg0QtGoPBv0oBMLY1yv1K51BP4fD9hVhmpafNr+1hLtbSoymuTTbB:6V+T4scGoPWon1y0BP4fthMaGhhSvTH
Malware Config
Extracted
gcleaner
185.172.128.90
185.172.128.69
-
url_path
/advdlc.php
Targets
-
-
Target
b0fa0bcc108148f84570ef680e20b730_NeikiAnalytics.exe
-
Size
338KB
-
MD5
b0fa0bcc108148f84570ef680e20b730
-
SHA1
171b26b28af0a05e94313fb0caa8c4d242fea03f
-
SHA256
f0bdefc179d3e24922f06558998fcff5a986835f64c320ae37121f953e2f7c90
-
SHA512
4fd5b196aeb5c0a3485272e1464c7031ba52aded67b2c5232f88bd626e812ccf2e70609f3a2d74ffc522f478ae46d004216b10fb5a73f5d54c89a18e8a3f95f5
-
SSDEEP
3072:6VRsT4sg0QtGoPBv0oBMLY1yv1K51BP4fD9hVhmpafNr+1hLtbSoymuTTbB:6V+T4scGoPWon1y0BP4fthMaGhhSvTH
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-