
General

  • Target: b066cf877c0d3bf70475d9f5a656143d.bin
  • Size: 2.0MB
  • Sample: 230206-l5k6tagf6v
  • MD5: b29ffac85076062db874338cde3b2d88
  • SHA1: 99e9b77122bdcfb955f05617af806fc5b3d6b54d
  • SHA256: ab1dc5a4244af2a20966fa5f163db1394f7eb3b45d48f57d307d3ae0d18c8058
  • SHA512: 2e6b0cf0f968c692a00aaf6d8ef894e0847af90978226874fc83d7e78eab78ce27d7d8473d77de49136e5653dd3fbf2d196ce22b049b4c4c0ab23dc53058203c
  • SSDEEP: 49152:6Eg2DkKJNv7MeG54giAVrxyBRCfxsL6uPnRqP/R:qvYweG54gBVrcBRCCLlRqPZ

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • Target: d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6.exe
    • Size: 2.2MB
    • MD5: b066cf877c0d3bf70475d9f5a656143d
    • SHA1: ef1837c7b61013524bc7800dcb5438ee315ff02c
    • SHA256: d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6
    • SHA512: 4135d747d9ca434b1c97c1f7ac62ca9406f587549b035303bf99ea30d722203eb5a23f742cd2a4c74390da861dc6122f8dbb30b4579637e67d9f9a61a822544e
    • SSDEEP: 49152:d3Z0tg7QSmghqYxeme9qomrvikGbRNDRklVqLFBoxvdVYZLCgv2MR:X0qFk8vikGbXDRklVqJBox01v2MR

    Signatures

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks
