gcleaner | 77443f25f0feec80bb8abfaeb009fa06e641f7464926c63af3f3bcc92fe69c54 | Triage

Submit
Reports

Overview

overview

Static

static

3

06bf7d9d54...14.exe

windows7-x64

06bf7d9d54...14.exe

windows10-2004-x64

Sharing

General

Target

2584dfe26f8389b7821b701568d5a31b.bin
Size

1.1MB
Sample

230703-bgjb7sfd6t
MD5

7023613ae5e9307e901ec941c7e160c5
SHA1

046093b264da374b4a7e0803767edf8a7b67a174
SHA256

77443f25f0feec80bb8abfaeb009fa06e641f7464926c63af3f3bcc92fe69c54
SHA512

bb76718407b2a9abe289503f210de6207b5bb70209257cad5c994d8ad303ad89f1b948a129f0a9e751b95e2e271c424275d1019717b832d85e1b8a8b85b1b1bf
SSDEEP

24576:URu9kQmagI8K3p9BhrWVgEI9buIdKJxGJeXo8Cp:Uo9kQmPzKZ1WvMVsJQ

Score

10^/10

gcleaner discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

06bf7d9d545c37c3ee36c0a67a4b6575edbfcb90b4257884e0ed56ee29ca9214.exe

Resource

win7-20230621-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

06bf7d9d545c37c3ee36c0a67a4b6575edbfcb90b4257884e0ed56ee29ca9214.exe

Resource

win10v2004-20230621-en

gcleaner discovery loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  06bf7d9d545c37c3ee36c0a67a4b6575edbfcb90b4257884e0ed56ee29ca9214.exe
- Size
  
  1.2MB
- MD5
  
  2584dfe26f8389b7821b701568d5a31b
- SHA1
  
  f09cedd4f6ed7567cd0069981253bb68d8a0b721
- SHA256
  
  06bf7d9d545c37c3ee36c0a67a4b6575edbfcb90b4257884e0ed56ee29ca9214
- SHA512
  
  97efe0c9e4690b9e84efff60ac02d568cafe9eba3dbc71527d1e979c175774530fea64b76b6162c1f3c8711e6be9b63e96c8145262fd9805134e42cf6fcf445c
- SSDEEP
  
  24576:OfOyAj5HnRRZ4wxXZy7270FJM334d0lPMd4VVKz1rARpJjBBp/D:OG3yw397AJmm0lPQYI2pvBp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy