gcleaner | 88cbe2d54cddbcce022dcd2dfcadb99eba4281e140d61c9820e9cbf726cd9fe9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

151ef2d3ca...8a.exe

windows7-x64

151ef2d3ca...8a.exe

windows10-2004-x64

Sharing

General

Target

88cbe2d54cddbcce022dcd2dfcadb99eba4281e140d61c9820e9cbf726cd9fe9
Size

180KB
Sample

240417-qms6xshc53
MD5

d96daaf372f3ecd4812575aa400ad710
SHA1

069f377fdb58da5dbaefceed05675e58cd3a9048
SHA256

88cbe2d54cddbcce022dcd2dfcadb99eba4281e140d61c9820e9cbf726cd9fe9
SHA512

8f6a151b25109adde5075e8c568b0ec2666e1b6200fdc98bea75c91bec84b67aff18aabe44c144c6e059e70bbae7494ad79f945680412361498bf52ce24e8d99
SSDEEP

3072:qHi0WxzySk3+CTiVII383h6UB7BbFF/N4hRS7kODpKR72NIuS7k8GzRXh2VQZmou:qQxGSkOCTSIZ34IjAg7XpI2+hSsVeOtz

Score

10^/10

gcleaner loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

151ef2d3caa9606e6aa1531750361b3e413433c1f884f4d700304f1c6501978a.exe

Resource

win7-20240221-en

gcleaner loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

151ef2d3caa9606e6aa1531750361b3e413433c1f884f4d700304f1c6501978a.exe

Resource

win10v2004-20240412-en

gcleaner loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

- Target
  
  151ef2d3caa9606e6aa1531750361b3e413433c1f884f4d700304f1c6501978a.exe
- Size
  
  311KB
- MD5
  
  9544821ed3db4db3c54f0d795bbc1ab6
- SHA1
  
  3dd2d16955d4e6db85051e9f368407a9d9b6870e
- SHA256
  
  151ef2d3caa9606e6aa1531750361b3e413433c1f884f4d700304f1c6501978a
- SHA512
  
  949cdade7a42a649f9daa2fd2940bf01c5bb4670e1bb3e7773fa76872da0ea1858009d6ee0f479638e8f3ee178d86d61b4750f61f768fdc0914f0994e68f6304
- SSDEEP
  
  6144:7f4ZKa9IPz9hmiXK8+JjdYX+VpU/UB9Xi:r4gKIPz7mid+Jj6X+YcL
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy