gcleaner | e055edc4ecc7f7d66bb6c560e0d0268a559b4b1b3e738e155f0df1c42d9c05e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

c3c372d8f8...42.exe

windows7-x64

c3c372d8f8...42.exe

windows10-2004-x64

Sharing

General

Target

15f7afaacde0ad19992e41c867cf0e88.bin
Size

2.2MB
Sample

230613-bc3kaaec73
MD5

387e52a3328d0ccc3012b52bb47d8205
SHA1

0819a86595cdffd3ecc95ca7c8ef13fd72c190d2
SHA256

e055edc4ecc7f7d66bb6c560e0d0268a559b4b1b3e738e155f0df1c42d9c05e4
SHA512

ae7b937b7768bb13bb596279f344140b1d66aefb93168ea8b2cdd2fc1de2ae19894276ce4b6c077fffd12876ad61dec5f84fe0eb2ea4fefad3ffb6521f04da76
SSDEEP

49152:ghdIYxbL03TxmkbPt0vFZmg2QtoMAEOFXa6iiRLne/0qKTnBBaq2:g3ojxVbl+52SuFAd2TnBU

Score

10^/10

gcleaner discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c3c372d8f8bb81cf47aa95b668db4ec994acb075a3f6c5b1d2ec04593dc05442.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3c372d8f8bb81cf47aa95b668db4ec994acb075a3f6c5b1d2ec04593dc05442.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  c3c372d8f8bb81cf47aa95b668db4ec994acb075a3f6c5b1d2ec04593dc05442.exe
- Size
  
  2.3MB
- MD5
  
  15f7afaacde0ad19992e41c867cf0e88
- SHA1
  
  b8fcd6b953a8b42fb535f6c436d3f09fd0139d0c
- SHA256
  
  c3c372d8f8bb81cf47aa95b668db4ec994acb075a3f6c5b1d2ec04593dc05442
- SHA512
  
  154ba4b4ede295d65fe416607c5ad5cd1e53808caca3260a9db131eb840bfc07b7622e666e139c4259a8d543d4954d53314685889d70cc6ce1c7b9ae1b3fd4c8
- SSDEEP
  
  49152:J6dJ6sPlszWm+02k3fx/nAdXkYH/C8S4pSGr1tqWK1lCirZ+/TnL8Z6duee1g7I9:cdMstkNJ/rYH/v3pjr1tqWK1lC0+TnLY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy