gcleaner | 5d54631abbcbf876e7b5df333b506866fa50054cabe638f7856a7b4e1e0883ca | Triage

Submit
Reports

Overview

overview

Static

static

1

0ef3fcc6aa...c2.exe

windows7-x64

0ef3fcc6aa...c2.exe

windows10-2004-x64

Sharing

General

Target

b342724316e09b5202c34987583fe0d2.bin
Size

1.9MB
Sample

230206-l8wfysgf7t
MD5

b03628ad4c82a87f79f182f945667a2e
SHA1

517c8c021920b1a12302c49e06c1365bbe106f91
SHA256

5d54631abbcbf876e7b5df333b506866fa50054cabe638f7856a7b4e1e0883ca
SHA512

da25d4d2371a39b12d499764177abcc01bb26f68476e616019209a35577a97e2eee23ba9aab83820a787803414a6bec020c6690abb00f7e5f496443db1750fda
SSDEEP

49152:Hr4kLxOZPIUNcIkRnGxf9Kbz+BXCbEbWLrNy:ckLMZPIUNLUefwCXCoers

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

0ef3fcc6aa34956c10e6454490c43bc7352770cf5d05a2b11b8e9c41812dfbc2.exe

Resource

win7-20220812-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0ef3fcc6aa34956c10e6454490c43bc7352770cf5d05a2b11b8e9c41812dfbc2.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  0ef3fcc6aa34956c10e6454490c43bc7352770cf5d05a2b11b8e9c41812dfbc2.exe
- Size
  
  2.2MB
- MD5
  
  b342724316e09b5202c34987583fe0d2
- SHA1
  
  50524d1812e06c9810132d8bc8a0b08abb2d63ae
- SHA256
  
  0ef3fcc6aa34956c10e6454490c43bc7352770cf5d05a2b11b8e9c41812dfbc2
- SHA512
  
  b79dc71732f6a150c7ca4791f05283171c8834da6a51a0bd66648439b7270be1fd7679b4adf83354324aa212d8f88e6732d0f9e9061e1b86962951a4c95d6f99
- SSDEEP
  
  49152:d3Zy1X7RRi/S8NwWSyJi2bnTwYRNYDdLcgh4YdJLCgv2MR:XmXv8xSWSK5Ruzxbv2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy