gcleaner | 17942f712170cff81532bafb5d365825823d6b47787cf72e61daa9947b20e9bb | Triage

Submit
Reports

Overview

overview

Static

static

1

23f623473d...26.exe

windows7-x64

23f623473d...26.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

067277a0342b6902050e386c012e0b3c.bin
Size

2.8MB
Sample

230217-bcr4jsda32
MD5

ce9ec60a277cc11d9915bb243c84ce49
SHA1

2cb50b2f180737e41b061f59633195745c258ddc
SHA256

17942f712170cff81532bafb5d365825823d6b47787cf72e61daa9947b20e9bb
SHA512

e2ed8e99ddc2262d5b431b4c217902ae46b7d7e7b075dc2aa3bf6f7ec0b0c1b3ce0a6c227389368aee2e9b67859e903897cf24ca2ba32ef889f32220ade267de
SSDEEP

49152:HMx23ll0VRw0Wq31PlxzgqYpDV0SRAwiVMWffY/FosUHrnyPYHlb8lTWd:sAkLWq31PK0AiVMbonyPYH2A

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

23f623473df0c2afb5ff5749fc54104db2fad645615623801fddbb376ba82a26.exe

Resource

win7-20221111-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

23f623473df0c2afb5ff5749fc54104db2fad645615623801fddbb376ba82a26.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  23f623473df0c2afb5ff5749fc54104db2fad645615623801fddbb376ba82a26.exe
- Size
  
  3.0MB
- MD5
  
  067277a0342b6902050e386c012e0b3c
- SHA1
  
  3a1780eba036db9a777a084ecd7160285b96ca29
- SHA256
  
  23f623473df0c2afb5ff5749fc54104db2fad645615623801fddbb376ba82a26
- SHA512
  
  06209328bf1f2580bb75c21d25b87e39f0cd8aa74c4ccc599187c5f0b93d906c54befd9aea5c769f46546ecfbd4084c5a9895b5c47fbefbb2a248fe21a0f8c45
- SSDEEP
  
  49152:rdHkcP0OITnZPBWTFOsIiONom4Hp0LHVaVzNAPAmeZHvhjvoVAkdvStQksY+eveM:JHkUImssmmm4HaHkIobPmGQavyAv2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy