gcleaner | dc5c22ee0782235867ae0363443252f867d0bae4056cd70dff77bf936abccb5d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a38e14185e...96.exe

windows7-x64

a38e14185e...96.exe

windows10-2004-x64

Sharing

General

Target

a38e14185e6c9b429df021bb56358596
Size

375KB
Sample

240225-mkdrnshf35
MD5

a38e14185e6c9b429df021bb56358596
SHA1

4f97e20980bb38cb50ecdfbf45fd6d164422f1e6
SHA256

dc5c22ee0782235867ae0363443252f867d0bae4056cd70dff77bf936abccb5d
SHA512

bb44ade442130326540c3eeec0cc4319f1e0ff4001d906dc39b665b7268d4cc2b3ad084cc492e2224dd8c823147707b36ed050668699117886e8b22470644b3b
SSDEEP

6144:S7Ev42gAjjXcNK8AlQeV8ppGS2GR2q8QCk9rOCelRfbHhgtwfeH4bkQe0VO76G0:hvXgAvsNl/eV8pcSt2HQCkElRftgtwai

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a38e14185e6c9b429df021bb56358596.exe

Resource

win7-20240221-en

gcleaner loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a38e14185e6c9b429df021bb56358596.exe

Resource

win10v2004-20240221-en

gcleaner loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a38e14185e6c9b429df021bb56358596
- Size
  
  375KB
- MD5
  
  a38e14185e6c9b429df021bb56358596
- SHA1
  
  4f97e20980bb38cb50ecdfbf45fd6d164422f1e6
- SHA256
  
  dc5c22ee0782235867ae0363443252f867d0bae4056cd70dff77bf936abccb5d
- SHA512
  
  bb44ade442130326540c3eeec0cc4319f1e0ff4001d906dc39b665b7268d4cc2b3ad084cc492e2224dd8c823147707b36ed050668699117886e8b22470644b3b
- SSDEEP
  
  6144:S7Ev42gAjjXcNK8AlQeV8ppGS2GR2q8QCk9rOCelRfbHhgtwfeH4bkQe0VO76G0:hvXgAvsNl/eV8pcSt2HQCkElRftgtwai
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy