GCleaner
Detected as Win64.Trojan.Vigorf (ReversingLabs); Trojan-Downloader.Agent.TCP.C&C (Kaspersky).
C2 Infrastructure
Business: 43%
Hosting/VPS: 29%
ISP/Residential: 29%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 11, 2026 | 3 |
| Apr 10, 2026 | 1 |
| Apr 9, 2026 | 5 |
| Apr 8, 2026 | 1 |
Further Reading
MalwareBazaar | GCleaner
GCleaner malware samples
bazaar.abuse.ch
MalwareAnalysisReports/GCleaner/GCleaner Techincal Analysis with BinaryNinja.md at main · VenzoV/MalwareAnalysisReports
Reports in .MD format.
github.com
Deep Analysis of GCleaner
GCleaner is a Pay-Per-Install (PPI) loader first discovered in early 2019; it has been used to deploy other malicious families like…
n1ght-w0lf.github.io
NullMixer drops Redline Stealer, SmokeLoader and other malware
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
securelist.com