gcleaner | 48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64.exe
Size

2.9MB
MD5

f212366ef83f5e89633e3b1aac35ea7f
SHA1

9b56c070be542fdd893e3de35c8a476ae255979a
SHA256

48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64
SHA512

acf6c21a0d495c00e9ec1c47fa3b32ecde55becf4d179b95f298b5aafdb19addcd615054768a2efbffb66cdfb058cc80789d15036673e01675a2f91f57539e69
SSDEEP

24576:dC7ZkEgvMZL0YodapBz6pNshfSdF+Ms2haFPlURSDoAHq62UTFm6SzGEfN+B4FB:s9CyL0cPfSeVlJvKWp3S/lBf

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

208.67.106.156

37.139.129.24

193.151.183.73

208.67.104.141

Attributes

url_path
/i.php

/get.php

/setup.php

/setup.php

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Gcleaner family
gcleaner

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64.exe

C:\Users\Admin\AppData\Local\Temp\48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64.exe
"C:\Users\Admin\AppData\Local\Temp\48bcb229bec55fa35a579870073247dbfe676acb65130ee7fd3edfa2085aba64.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1860-0-0x0000000000400000-0x00000000014E9000-memory.dmp

Filesize
16.9MB

Download
memory/1860-2-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1860-3-0x0000000000400000-0x00000000014E9000-memory.dmp

Filesize
16.9MB

Download
memory/1860-1-0x0000000000400000-0x00000000014E9000-memory.dmp

Filesize
16.9MB

Download
memory/1860-4-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download