gcleaner | db435db71ba964ff8f1c4034c5b0ce0b5ec5579a20e8ca9108d27be3232074e4 | Triage

Submit
Reports

Overview

overview

Static

static

1

50250dffa7...3b.exe

windows7-x64

50250dffa7...3b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

205a48b41020c9d9c6c01503f7ba8acd.bin
Size

2.9MB
Sample

230215-bf79yagg9z
MD5

fa83332bb930ef653da64c5dcb00fedb
SHA1

27da2308ea658f30f38cbed516a446d3d4108c0d
SHA256

db435db71ba964ff8f1c4034c5b0ce0b5ec5579a20e8ca9108d27be3232074e4
SHA512

bc053225e96a4afc7e95ce44268a662d4c4bfb469de1fb2cba6f61f687292784ed25eac8ef4777eb4ef5f5292cd6fe16fe848d3e84d64095e823244b55b500e7
SSDEEP

49152:bF3hqB46gSbi+Ye1qcnfhg2lga7iNtbhQ8mB/239fEv/7aV5Stcn+f:p8NI7GB3ga7hlB/239sv/7i8ue

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

50250dffa7becf4c5e3cb2071733df7cf283aab6fb61fc495c70a77e68ae1a3b.exe

Resource

win7-20221111-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

50250dffa7becf4c5e3cb2071733df7cf283aab6fb61fc495c70a77e68ae1a3b.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  50250dffa7becf4c5e3cb2071733df7cf283aab6fb61fc495c70a77e68ae1a3b.exe
- Size
  
  3.2MB
- MD5
  
  205a48b41020c9d9c6c01503f7ba8acd
- SHA1
  
  2c99e1deb6ff73c5784bb5103849815dd874d32c
- SHA256
  
  50250dffa7becf4c5e3cb2071733df7cf283aab6fb61fc495c70a77e68ae1a3b
- SHA512
  
  8f4612c5639cc7d9d58fb2ac2930c843859098b9be9b1803f846510a8a88db24b508868383de12b91ff0eda285cd75f60d4daeaf12230ad49feb9502804e0335
- SSDEEP
  
  98304:JHBW5YgHzdSezY7f4SsUsYzlXj8rbIycIviv2MR:dNgHz5zOux2lzAbIychvjR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy