General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230114-3hpddsah4s

  • MD5

    2afa69f28cce102be1371c3700de7ca2

  • SHA1

    d831fd3ae0fb333f2a519ec41477b2025793c9d6

  • SHA256

    77b5cb4e2b3042f1c0af02e2220c1c751636a1945fb0e92c79b32d24763a65c0

  • SHA512

    299f34d8fdb89cb4b09ea16c45ba03843aa5a1c272931f7e099832920bc7aae41feb6829bc7435b643a9ac566d0854692fc586644ea4eb269e4158a788c8bef4

  • SSDEEP

    24576:r20h5v/2n19QfS64DsBAK13cZuM3LSJNUKWZQ1qZ5spSgaXhwCbr:r2w2fk4mASquM3LuqZ50yX6Cbr

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

    • Target

      file.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
