all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Deep Analysis of GCleaner

Add to bookmarks
July 15, 2023, 11:56 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Howdy! I’m finally back with another malware deep dive report. This time we are digging into GCleaner.


GCleaner is a Pay-Per-Install (PPI) loader first discovered in early 2019, it has been used to deploy other malicious families like Smokeloader, Amadey, Redline and Raccoon.


We will be working on this sample:
(SHA256: 020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b)


Initial Triage


Let’s start by running the sample in Triage sandbox to get an overview of what it does.


We can see from the process tree that …

amadey analysis back deep dive deploy dive install loader malicious malware malware analysis pay ppi raccoon redline report sample sha256 smokeloader start triage working

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

4 Easy Ways to Find Free Wi-Fi Anywhere You Go 28 minutes ago | malware.news
can challenge coffee easy +10
AI's Offensive & Defensive Impacts an hour ago | malware.news
alto blog cybersecurity defensive +11
Cyberattack against United Russia claimed by Ukraine 2 hours ago | malware.news
attack cyberattack distributed initiative +14
US jails former NSA employee for attempting secret sale to Russia 2 hours ago | malware.news
agency article confidential defense +25
Better identity threat detection sought by new Semperis ML-based tool 2 hours ago | malware.news
and response article detection detection and response +27
Red Hat's latest enterprise Linux delivers new features to tackle hybrid-cloud complexity 3 hours ago | malware.news
addition article cloud complexity +13
NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns 3 hours ago | malware.news
agency article best practices cyber +11
US warns of Russian hackers targeting operational technology in water systems 4 hours ago | malware.news
advisory breached hackers official +10
Senators grill UnitedHealth CEO on Change Healthcare cyberattack 4 hours ago | malware.news
article ceo change change healthcare +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs