Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    230115-ztweasgb8x

  • MD5

    32fdc555aa47ce5bd6087392ee997642

  • SHA1

    4c8ed2c2e61df98a8cf6b463184c7d0c4e7a7ca6

  • SHA256

    76cebc0562d27e9d044a0bc34592c1cbed5965db5a6ab0a2869f38cdc8cc86d6

  • SHA512

    24660046a6a20c88dc8af24cb089cbcbc16094b237cac514dc0655df1ce3285392b81495551014d75ce47ed826fc7e9ac2e81edf77bc2fa7100624a0439f41fa

  • SSDEEP

    24576:I2036ll0cJw65zk8X/Mq34Auk15qvKwus6hwCbr:I24ixm6Bk8X/XzukvNe66Cbr

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

    • Target

      file.exe

    • Size

      1.3MB

    • MD5

      32fdc555aa47ce5bd6087392ee997642

    • SHA1

      4c8ed2c2e61df98a8cf6b463184c7d0c4e7a7ca6

    • SHA256

      76cebc0562d27e9d044a0bc34592c1cbed5965db5a6ab0a2869f38cdc8cc86d6

    • SHA512

      24660046a6a20c88dc8af24cb089cbcbc16094b237cac514dc0655df1ce3285392b81495551014d75ce47ed826fc7e9ac2e81edf77bc2fa7100624a0439f41fa

    • SSDEEP

      24576:I2036ll0cJw65zk8X/Mq34Auk15qvKwus6hwCbr:I24ixm6Bk8X/XzukvNe66Cbr

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks