gcleaner | 3d7711a9cc14e18b3841c0198cb382dcce91e8d14fd28e0cf3febc6fd7171ee9 | Triage

Submit
Reports

Overview

overview

Static

static

6983cc86a3...72.exe

windows7-x64

6983cc86a3...72.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

aedba986bcb83f9b30167c344e42005a.bin
Size

1.7MB
Sample

230130-x24drsdf4w
MD5

7081a923ef813eca02c18f3e8d262e0b
SHA1

d1f4ebb34e78a1d885e7b98fd76dc736bdea12d3
SHA256

3d7711a9cc14e18b3841c0198cb382dcce91e8d14fd28e0cf3febc6fd7171ee9
SHA512

731116c69a4de4444b315cc9e5af0cf382d4c652a8546265eef1a121f6ef1093b4d5b0c80f051e89976a4ed37164ff25ddd736976c25014ba1247169b693a8b8
SSDEEP

49152:waltHF/lRfmO8ubZT1sofmW1p79vtp+xSziiZf:wkxF/lRO6rsoT7l+iZf

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

6983cc86a386c04a383cfbeaaf06f97364fe43d42ecfdbba9aab98750fa2f472.exe

Resource

win7-20220901-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6983cc86a386c04a383cfbeaaf06f97364fe43d42ecfdbba9aab98750fa2f472.exe

Resource

win10v2004-20220812-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  6983cc86a386c04a383cfbeaaf06f97364fe43d42ecfdbba9aab98750fa2f472.exe
- Size
  
  1.8MB
- MD5
  
  aedba986bcb83f9b30167c344e42005a
- SHA1
  
  1704ed0d489c13f71994e551c058143b8596943c
- SHA256
  
  6983cc86a386c04a383cfbeaaf06f97364fe43d42ecfdbba9aab98750fa2f472
- SHA512
  
  da1e4d479271af087a088ba4a031d0d5c6c00acc9cd83a73a1a69899849e60fd74e08ae8e4ebf43f8758a2f84211f8180658a3ea24d6d5bac1ae6df7f70140af
- SSDEEP
  
  49152:okug+wO797PAPDeUZG0XtHymHhUuQ3I7VnuWgkTNTVLCgv2MR:hug+V79gDesG0XJymH6uSI7VuiTJv2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy