General

  • Target

    file

  • Size

    2.1MB

  • Sample

    230202-b759naeb87

  • MD5

    df3d16f606a6dd53e354f0a1ebc65add

  • SHA1

    881c6181ca75fea4a1b037b84195f42a3278938b

  • SHA256

    72efc3ca827711c128c90a926dd9b50535d1dad4b020464e2268936b2fb14a5b

  • SHA512

    666ba447ec7fb1e6cf98c3299af77cc01e0fa8a555cb780c791f4b006b9eebc2447a9311c2ad8bf20d700bcd39d1763c0e3f8ee77a5ef0b38c7cbd3d27460382

  • SSDEEP

    49152:icPLnQTgwNkOV5o0byYLOhc/XtSLCgv2MR:XPLnQTBN3V2/OQv2MR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
