gcleaner | 635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408 | Triage

Submit
Reports

Overview

overview

Static

static

3

635a57a5aa...cs.exe

windows7-x64

635a57a5aa...cs.exe

windows10-2004-x64

Sharing

General

Target

635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408_NeikiAnalytics.exe
Size

213KB
Sample

240629-e6qpcs1cmd
MD5

572e5a5ad053c0e8c53b78ae830da350
SHA1

91e6db7de14cfe21a00a22a1ebe13209ae2acd2c
SHA256

635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408
SHA512

c214d7fb3eba1dea4f3ece682d7ae17b2427505a216e99753a76f6e72572eac56d515fd7dec5f0877a2ca2ba0b30a0c56a4fdc58b26759097af15bd4075215da
SSDEEP

3072:0z56ceCR14+J2Wqp8wkc9FxtfvNw5OZw2ri+s+h0l4eVIZi4Z:0zsc/RBkp8wkWFxte5OZI+s+c4GE

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408_NeikiAnalytics.exe

Resource

win7-20240611-en

gcleaner loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

gcleaner loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Targets

- Target
  
  635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408_NeikiAnalytics.exe
- Size
  
  213KB
- MD5
  
  572e5a5ad053c0e8c53b78ae830da350
- SHA1
  
  91e6db7de14cfe21a00a22a1ebe13209ae2acd2c
- SHA256
  
  635a57a5aad400fc0468a8fe9d5ae5306828ee2c707015d9b8ba8f8f7b0e5408
- SHA512
  
  c214d7fb3eba1dea4f3ece682d7ae17b2427505a216e99753a76f6e72572eac56d515fd7dec5f0877a2ca2ba0b30a0c56a4fdc58b26759097af15bd4075215da
- SSDEEP
  
  3072:0z56ceCR14+J2Wqp8wkc9FxtfvNw5OZw2ri+s+h0l4eVIZi4Z:0zsc/RBkp8wkWFxte5OZI+s+c4GE
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy