gcleaner | 4c9e514da670422e773cac781d66a4207a31d78e7a21d30a0536bfff27a739c6 | Triage

Submit
Reports

Overview

overview

Static

static

3

c6e0798bf3.exe

windows11-21h2-x64

Sharing

General

Target

c6e0798bf3.exe
Size

3.7MB
Sample

250221-v1qeeawqdm
MD5

467266ba67d21e7180338773c0529039
SHA1

6d9c86ac604e3b3a2bdf86fdc106eda4226c3a1a
SHA256

4c9e514da670422e773cac781d66a4207a31d78e7a21d30a0536bfff27a739c6
SHA512

94e2f33f7198bb7d19ec87af7749957c563b8f7c9d8c11e10c4e66c1023f00ea526c7eb336ce21f1ad4d7c6c00f00ced32b90a3e0df8db5b3d1e45b13a7e3cea
SSDEEP

98304:pXaGesQTmvWQrS1n8qkk4WbFTFLH8AbRakvyz0bLooZh20F:1ATmOQrSC/0FTFDNxK0PoovB

Score

10^/10

gcleaner defense_evasion discovery loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6e0798bf3.exe

Resource

win11-20250217-en

gcleaner defense_evasion discovery loader

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6e0798bf3.exe
- Size
  
  3.7MB
- MD5
  
  467266ba67d21e7180338773c0529039
- SHA1
  
  6d9c86ac604e3b3a2bdf86fdc106eda4226c3a1a
- SHA256
  
  4c9e514da670422e773cac781d66a4207a31d78e7a21d30a0536bfff27a739c6
- SHA512
  
  94e2f33f7198bb7d19ec87af7749957c563b8f7c9d8c11e10c4e66c1023f00ea526c7eb336ce21f1ad4d7c6c00f00ced32b90a3e0df8db5b3d1e45b13a7e3cea
- SSDEEP
  
  98304:pXaGesQTmvWQrS1n8qkk4WbFTFLH8AbRakvyz0bLooZh20F:1ATmOQrSC/0FTFDNxK0PoovB
Score

10^/10

gcleaner defense_evasion discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdefense_evasiondiscoveryloader

© 2018-2025

Terms | Privacy