gcleaner | 381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 02:57

Target

381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d.exe
Size

1.9MB
MD5

5f034187748478d9400cdf38697a60cd
SHA1

77eb5e9ad0b6ac10ac6120647c97be919afd3186
SHA256

381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d
SHA512

eaaea466749a7d413f0c88122d851bfbbe8a9748e43fe1754275dbe1ffd0ea052f0eda114f1e5f174d9b72188d8aa4983dd8ed5e795b3ad069152147987858c0
SSDEEP

24576:HxruhBIZZmRuaJCiKUJWifUiPxyQcD9pyV+YzTq3y3lTFeP7No+A:Ve+mkaJ3KmfUGcxDe+YxTFKA

Score

10^/10

gcleaner loader

Family

gcleaner

85.208.136.148

85.208.136.56

85.208.136.48

85.208.136.87

Attributes

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1492	381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d.exe

C:\Users\Admin\AppData\Local\Temp\381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d.exe
"C:\Users\Admin\AppData\Local\Temp\381bd3e99d72553b91ca00ea8320087683b508d7e7de95c9a5cb8511b351b21d.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1492

memory/1492-0-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1492-1-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1492-2-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download
memory/1492-3-0x0000000000400000-0x00000000013E3000-memory.dmp

Filesize
15.9MB

Download