gcleaner | 8049bcfc9c66e9b359dfe3f87a9d9d36def5e10472cd3ae55bd10dd5dc986504 | Triage

Submit
Reports

Overview

overview

Static

static

1

ba5cdd881f...6d.exe

windows7-x64

ba5cdd881f...6d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

262a9c846d31f82aba3546d6099bfc6c.bin
Size

2.1MB
Sample

230211-bgcjnagd81
MD5

c4274e2819c1463f174b94a5af5cf59b
SHA1

a7b0772b44f103df6bbb346b9c27cb730707d7f4
SHA256

8049bcfc9c66e9b359dfe3f87a9d9d36def5e10472cd3ae55bd10dd5dc986504
SHA512

9079ee8bcec3386668ae8a3fb9cb95270a6807b241f06aa8d86211a635d3f521f7c39282ed87eba08d0e9451480effc3e8de0716ec9100e88f295deb93c331df
SSDEEP

49152:79V5M8xFLevgcuWIC/WSh8OSFRyL2/SxbS0cYqt:JVqeFLeTtIC/ztbL2KlLqt

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

ba5cdd881f9f00d471e168281e367ea1ea8744a79ee488c23f0fb1c61b321a6d.exe

Resource

win7-20220901-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba5cdd881f9f00d471e168281e367ea1ea8744a79ee488c23f0fb1c61b321a6d.exe

Resource

win10v2004-20220812-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  ba5cdd881f9f00d471e168281e367ea1ea8744a79ee488c23f0fb1c61b321a6d.exe
- Size
  
  2.4MB
- MD5
  
  262a9c846d31f82aba3546d6099bfc6c
- SHA1
  
  8e3193c110f3d5e00281b48f29165da231b7bad2
- SHA256
  
  ba5cdd881f9f00d471e168281e367ea1ea8744a79ee488c23f0fb1c61b321a6d
- SHA512
  
  2a7c82d30c43a23c6afa64fd9defbfdaee0fe555785de75fa7d85159731af1413f87c37eaf3f7d9a1f166bf70518298a8af7444cce639f007873da6758f93162
- SSDEEP
  
  49152:rdHN3mnCaMm05vJaeYdhQXH6AW2kwzLLCgv2MR:JH8nwpdYdhQXjl37v2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy