General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230206-kep7eacg76

  • MD5

    fe1d12356e81ca2f16ab17aebf8bded5

  • SHA1

    5ea57dead9cdeed97f804059822f0e686c9eb9a6

  • SHA256

    547514c5dd6e863c8296bc665f5bd5aa9983deba757ca2c265f59668d569e8d2

  • SHA512

    1a6ae86276a17d615230c4f00751f58924c52112027c1dd714e9dc5633433abc31e67b52ee389784e93440c65e0a18800888212486b1817f1d035a4f418b4fde

  • SSDEEP

    49152:nZZnYVfq1mYQHZb83R8BTpY0EN5RgQ/mJtSLCgv2MR:ZZYVQQHZb287AtgemGv2MR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
