gcleaner | ab1dc5a4244af2a20966fa5f163db1394f7eb3b45d48f57d307d3ae0d18c8058 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

d52e0d5d4a...d6.exe

windows7-x64

d52e0d5d4a...d6.exe

windows10-2004-x64

Sharing

General

Target

b066cf877c0d3bf70475d9f5a656143d.bin
Size

2.0MB
Sample

230206-l5k6tagf6v
MD5

b29ffac85076062db874338cde3b2d88
SHA1

99e9b77122bdcfb955f05617af806fc5b3d6b54d
SHA256

ab1dc5a4244af2a20966fa5f163db1394f7eb3b45d48f57d307d3ae0d18c8058
SHA512

2e6b0cf0f968c692a00aaf6d8ef894e0847af90978226874fc83d7e78eab78ce27d7d8473d77de49136e5653dd3fbf2d196ce22b049b4c4c0ab23dc53058203c
SSDEEP

49152:6Eg2DkKJNv7MeG54giAVrxyBRCfxsL6uPnRqP/R:qvYweG54gBVrcBRCCLlRqPZ

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6.exe

Resource

win7-20221111-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6.exe
- Size
  
  2.2MB
- MD5
  
  b066cf877c0d3bf70475d9f5a656143d
- SHA1
  
  ef1837c7b61013524bc7800dcb5438ee315ff02c
- SHA256
  
  d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6
- SHA512
  
  4135d747d9ca434b1c97c1f7ac62ca9406f587549b035303bf99ea30d722203eb5a23f742cd2a4c74390da861dc6122f8dbb30b4579637e67d9f9a61a822544e
- SSDEEP
  
  49152:d3Z0tg7QSmghqYxeme9qomrvikGbRNDRklVqLFBoxvdVYZLCgv2MR:X0qFk8vikGbXDRklVqJBox01v2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy