gcleaner | 84b80a9d2421c0e7a5d401bf3496854b910dcf1fd8c7b38236d6bae8520036a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

1.2MB
Sample

230713-p5r6xagg36
MD5

e013b2105484ebaebd58868a649ee074
SHA1

1295111fd9c2e956f1d78e82f700ea1fc405aac3
SHA256

84b80a9d2421c0e7a5d401bf3496854b910dcf1fd8c7b38236d6bae8520036a9
SHA512

43877f0149088048017d871c1bdf74c864ba236524502dcb1c5c022fa94d8594d5e530719a4dbd6f068982d728cf050431e0267d1a6620b7b3b75915ba07eede
SSDEEP

24576:OfOym3/CYBFXwnxWXBk0MffRZ6T0tfnIqdl2vSBreuS2w02VnKU:OG9tHHXBixUcRFeuZknn

Score

10^/10

gcleaner discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230712-en

gcleaner discovery loader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230703-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  1.2MB
- MD5
  
  e013b2105484ebaebd58868a649ee074
- SHA1
  
  1295111fd9c2e956f1d78e82f700ea1fc405aac3
- SHA256
  
  84b80a9d2421c0e7a5d401bf3496854b910dcf1fd8c7b38236d6bae8520036a9
- SHA512
  
  43877f0149088048017d871c1bdf74c864ba236524502dcb1c5c022fa94d8594d5e530719a4dbd6f068982d728cf050431e0267d1a6620b7b3b75915ba07eede
- SSDEEP
  
  24576:OfOym3/CYBFXwnxWXBk0MffRZ6T0tfnIqdl2vSBreuS2w02VnKU:OG9tHHXBixUcRFeuZknn
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy