gcleaner | ac286eb0952202037306a127334f67323550fc3d276d689c81e6a4ee66752d8c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

1.5MB
Sample

230831-lra4padh7v
MD5

83c0aa4ff5b51fc32781a39e2ec2c6ea
SHA1

bbace8228607fcbc07c36f39bbb1e2c844f50068
SHA256

ac286eb0952202037306a127334f67323550fc3d276d689c81e6a4ee66752d8c
SHA512

cb5f4a75cb3802dc022c4888ef90cd7f4d3deeafc0bdba868bf2c78eba173d736c03ce6ebc0d65b4cd6d633fd476764d24b5df58481dfb6fda49b8d91dd5108e
SSDEEP

24576:220Sx+I9oRYe+qPJZHHXFutH84tYI694pQQgXC75ld1qSVpk:228Q3no91AH8YYx9UQgd1qapk

Score

10^/10

gcleaner not_berm discovery loader taggie_berm_you_are_it

Static task

static1

taggie_berm_you_are_it not_berm

3 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230712-en

gcleaner discovery loader taggie_berm_you_are_it

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230703-en

gcleaner discovery loader taggie_berm_you_are_it

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  83c0aa4ff5b51fc32781a39e2ec2c6ea
- SHA1
  
  bbace8228607fcbc07c36f39bbb1e2c844f50068
- SHA256
  
  ac286eb0952202037306a127334f67323550fc3d276d689c81e6a4ee66752d8c
- SHA512
  
  cb5f4a75cb3802dc022c4888ef90cd7f4d3deeafc0bdba868bf2c78eba173d736c03ce6ebc0d65b4cd6d633fd476764d24b5df58481dfb6fda49b8d91dd5108e
- SSDEEP
  
  24576:220Sx+I9oRYe+qPJZHHXFutH84tYI694pQQgXC75ld1qSVpk:228Q3no91AH8YYx9UQgd1qapk
Score

10^/10

gcleaner discovery loader taggie_berm_you_are_it
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- match_everything
  This rule matches all.
  taggie_berm_you_are_it
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

taggie_berm_you_are_itnot_berm

behavioral1

gcleanerdiscoveryloadertaggie_berm_you_are_it

behavioral2

gcleanerdiscoveryloadertaggie_berm_you_are_it

© 2018-2025

Terms | Privacy