gcleaner | 29a104b4b1be809942ef96e5915e88589da6410bab7c5fe4176cb58d58822cbb | Triage

Submit
Reports

Overview

overview

Static

static

1

81d1f05b95...fd.exe

windows7-x64

81d1f05b95...fd.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

e7aa024138efb18d8aab5bd3fafbf5fa.bin
Size

3.0MB
Sample

230214-b8spyshh63
MD5

faaea82d115ceb123e35e74a969b7177
SHA1

64370b4646ebfadfa1ba4d57fadc9d91130a59b2
SHA256

29a104b4b1be809942ef96e5915e88589da6410bab7c5fe4176cb58d58822cbb
SHA512

4a39385009cd91de68478ac9c306c4638a431f9239878a9fc83596f17807b84129982c29b9120619d6724c984de328ec93942aacee1d224746dac30e6cebfbbc
SSDEEP

49152:ADh0eeHkocguQr7ZuchNoFjaB7+vYlm5M3CZ444jjsIURRZmbMcpZdZSC8OZY5aB:Qh5eRpuGoQp7Npg7bceBOO5aMTIUIoJm

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

81d1f05b95bff03b8157b0093097983800556e85cc3eb9b58ff562b54f86f5fd.exe

Resource

win7-20220812-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

81d1f05b95bff03b8157b0093097983800556e85cc3eb9b58ff562b54f86f5fd.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  81d1f05b95bff03b8157b0093097983800556e85cc3eb9b58ff562b54f86f5fd.exe
- Size
  
  3.3MB
- MD5
  
  e7aa024138efb18d8aab5bd3fafbf5fa
- SHA1
  
  da036940ddbf7ab56075e1cbdc6fe4ece587a679
- SHA256
  
  81d1f05b95bff03b8157b0093097983800556e85cc3eb9b58ff562b54f86f5fd
- SHA512
  
  a976bd67633a6299c51013c48016cdcaafbc416fb374f4e0a8ccc0bed80e380138cc67c09591731fe77b73bb34bd1abb7d5b4221e2817114fdaaee3637485b9e
- SSDEEP
  
  49152:rdHOMYx5NyRaAyz2mNmXzuS5PTnUduM9rn8nMmaMAVI0GulLCgv2MR:JHh+CRiWXbtTnM2aLHGwv2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy