gcleaner | 8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d
Size

423KB
Sample

240904-awcyas1dpl
MD5

2ceaa3ee3ce6b01f30728b16eb1590e1
SHA1

a81f3e6aec5686730d6c94c53d3bc3e09f42297d
SHA256

8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d
SHA512

868b1cbcfee92553307e5256226ffe92d6cc23fe7c30abf3f9ee3700313f20803f0fd45dbd808052b53c5549d628a55f17888f11241b89a86241b30827cfee45
SSDEEP

12288:CLu8fqVx6678b1OfTwlOR/7hKDanKJLy:Ca8fSJ85OfUOB7ZnKY

Score

10^/10

gcleaner discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d.exe

Resource

win10v2004-20240802-en

gcleaner discovery loader

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d.exe

Resource

win11-20240802-en

gcleaner discovery loader

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

- Target
  
  8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d
- Size
  
  423KB
- MD5
  
  2ceaa3ee3ce6b01f30728b16eb1590e1
- SHA1
  
  a81f3e6aec5686730d6c94c53d3bc3e09f42297d
- SHA256
  
  8c55d689dfdff3c0e87ace5baaf075a3f80c7ecb61d658d345e949f9a28efd6d
- SHA512
  
  868b1cbcfee92553307e5256226ffe92d6cc23fe7c30abf3f9ee3700313f20803f0fd45dbd808052b53c5549d628a55f17888f11241b89a86241b30827cfee45
- SSDEEP
  
  12288:CLu8fqVx6678b1OfTwlOR/7hKDanKJLy:Ca8fSJ85OfUOB7ZnKY
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2025

Terms | Privacy