General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230114-3hpddsah4s

  • MD5

    2afa69f28cce102be1371c3700de7ca2

  • SHA1

    d831fd3ae0fb333f2a519ec41477b2025793c9d6

  • SHA256

    77b5cb4e2b3042f1c0af02e2220c1c751636a1945fb0e92c79b32d24763a65c0

  • SHA512

    299f34d8fdb89cb4b09ea16c45ba03843aa5a1c272931f7e099832920bc7aae41feb6829bc7435b643a9ac566d0854692fc586644ea4eb269e4158a788c8bef4

  • SSDEEP

    24576:r20h5v/2n19QfS64DsBAK13cZuM3LSJNUKWZQ1qZ5spSgaXhwCbr:r2w2fk4mASquM3LuqZ50yX6Cbr

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
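The two registry-based signatures above (country-code lookup, Uninstall-key enumeration) can be reproduced outside the sandbox from any registry-access trace, for example Sysmon registry events or an API log. The block below is an added example, not tria.ge's own signature logic and not code from the sample; it assumes a simplified "pid|process|op|key|value" trace format, a constructed trace that only stands in for the report's real one, and the well-known locations of the country GeoID (`HKCU\Control Panel\International\Geo`, value `Nation`) and the installed-software list (`...\CurrentVersion\Uninstall`, including the `WOW6432Node` view). The enumeration threshold is a tuning choice, chosen so that a single product's own installer reading its Uninstall entry is not flagged.

```python
"""Rule-based triage of registry-access traces for two behaviours: a country-code
lookup (likely geofence) and Uninstall-key enumeration. Added example; the trace
format and thresholds are assumptions, not tria.ge's implementation."""
import re
from collections import defaultdict

# Constructed sample trace ("pid|process|op|key|value"), not taken from the report.
# PID 4128 reads the GeoID and walks several Uninstall subkeys; PID 2212 is a
# benign installer touching only its own product entry.
TRACE = r"""
4128|file.exe|RegOpenKey|HKCU\Control Panel\International\Geo|
4128|file.exe|RegQueryValue|HKCU\Control Panel\International\Geo|Nation
4128|file.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
4128|file.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|{00000000-1111-2222-3333-444444444444}
4128|file.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}|DisplayName
4128|file.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|Google Chrome
4128|file.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome|DisplayName
4128|file.exe|RegEnumKey|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall|7-Zip
4128|file.exe|RegQueryValue|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|DisplayName
2212|setup.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|UninstallString
2212|setup.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip|DisplayName
"""

# Country GeoID lives under HKCU\Control Panel\International\Geo (assumed well-known path).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
GEO_VALUES = {"Nation", "Name"}  # GeoID number and ISO country name
# Matches both the native and the WOW6432Node Uninstall hives.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
ENUM_THRESHOLD = 2  # distinct product entries touched before we call it enumeration (tuning choice)


def parse_trace(text):
    """Turn the pipe-separated trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, proc, op, key, value = line.split("|", 4)
        events.append({"pid": int(pid), "proc": proc, "op": op, "key": key, "value": value})
    return events


def product_from_uninstall_path(key):
    """Return the product subkey name under ...\\Uninstall\\<name>, or None for the parent key."""
    m = re.search(r"\\CurrentVersion\\Uninstall\\([^\\]+)", key, re.IGNORECASE)
    return m.group(1) if m else None


def evaluate(events):
    """Return {pid: (process, [signature names])} for processes matching either rule."""
    per_pid = defaultdict(lambda: {"proc": None, "geo": False, "products": set()})
    for e in events:
        st = per_pid[e["pid"]]
        st["proc"] = e["proc"]
        # Rule 1: reading the configured country code.
        if e["op"] == "RegQueryValue" and GEO_KEY.search(e["key"]) and e["value"] in GEO_VALUES:
            st["geo"] = True
        # Rule 2: walking product entries under the Uninstall key.
        if UNINSTALL_KEY.search(e["key"]):
            if e["op"] == "RegEnumKey" and e["value"]:
                st["products"].add(e["value"].lower())
            elif e["op"] == "RegQueryValue" and e["value"] == "DisplayName":
                prod = product_from_uninstall_path(e["key"])
                if prod:
                    st["products"].add(prod.lower())
    hits = {}
    for pid, st in per_pid.items():
        sigs = []
        if st["geo"]:
            sigs.append("Checks computer location settings")
        if len(st["products"]) >= ENUM_THRESHOLD:
            sigs.append("Checks installed software on the system")
        if sigs:
            hits[pid] = (st["proc"], sigs)
    return hits


if __name__ == "__main__":
    for pid, (proc, sigs) in evaluate(parse_trace(TRACE)).items():
        print(f"{proc} (pid {pid}): {', '.join(sigs)}")
```

Counting distinct product entries per process, rather than any single read of the Uninstall hive, is what keeps the installer in PID 2212 out of the results; on real Sysmon data the same logic applies to Event ID 12/13 records once the target object path is mapped into the key/value columns used here.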
