Deep Analysis of GCleaner
Malware Analysis, News and Indicators - Latest topics malware.news
Howdy! I’m finally back with another malware deep dive report. This time we are digging into GCleaner.
GCleaner is a Pay-Per-Install (PPI) loader first discovered in early 2019. It has been used to deploy other malicious families such as Smokeloader, Amadey, Redline and Raccoon.
We will be working on this sample (SHA256: 020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b).
Initial Triage
Let’s start by running the sample in Triage sandbox to get an overview of what it does.
We can see from the process tree that …