gcleaner | 42bf70152219d91c9c5d43f9be59794590f4c8a5f3296b38e4a8c2e5ecae87d6 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.2MB
Sample

230204-xps29she6z
MD5

4b95c47836e9a783ba28a98ac3b15831
SHA1

0e8eeaf424a3f02d4f0c662def24d86d308b3197
SHA256

42bf70152219d91c9c5d43f9be59794590f4c8a5f3296b38e4a8c2e5ecae87d6
SHA512

55df6a8b614e3e7201a162dc2e8d82d9a4db1875f55ffb8db1ba9bfb575bd00edf1cf800770064d92d47bddef624f760fc61b2a1f6479c4c0d6a2061ca73e32f
SSDEEP

49152:d3ZTb3f1nHFztIUOyUgvLpm+PMP6nIaUligNx8IeLCgv2MR:XTj1nlxIfyUgvI+PmawigNn+v2MR

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  2.2MB
- MD5
  
  4b95c47836e9a783ba28a98ac3b15831
- SHA1
  
  0e8eeaf424a3f02d4f0c662def24d86d308b3197
- SHA256
  
  42bf70152219d91c9c5d43f9be59794590f4c8a5f3296b38e4a8c2e5ecae87d6
- SHA512
  
  55df6a8b614e3e7201a162dc2e8d82d9a4db1875f55ffb8db1ba9bfb575bd00edf1cf800770064d92d47bddef624f760fc61b2a1f6479c4c0d6a2061ca73e32f
- SSDEEP
  
  49152:d3ZTb3f1nHFztIUOyUgvLpm+PMP6nIaUligNx8IeLCgv2MR:XTj1nlxIfyUgvI+PmawigNn+v2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy