
General

  • Target: b066cf877c0d3bf70475d9f5a656143d.bin
  • Size: 2.0MB
  • Sample: 230206-l5k6tagf6v
  • MD5: b29ffac85076062db874338cde3b2d88
  • SHA1: 99e9b77122bdcfb955f05617af806fc5b3d6b54d
  • SHA256: ab1dc5a4244af2a20966fa5f163db1394f7eb3b45d48f57d307d3ae0d18c8058
  • SHA512: 2e6b0cf0f968c692a00aaf6d8ef894e0847af90978226874fc83d7e78eab78ce27d7d8473d77de49136e5653dd3fbf2d196ce22b049b4c4c0ab23dc53058203c
  • SSDEEP: 49152:6Eg2DkKJNv7MeG54giAVrxyBRCfxsL6uPnRqP/R:qvYweG54gBVrcBRCCLlRqPZ

Malware Config

Extracted

  • Family: gcleaner
  • C2:
      45.12.253.56
      45.12.253.72
      45.12.253.98
      45.12.253.75

Targets

    • Target: d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6.exe
    • Size: 2.2MB
    • MD5: b066cf877c0d3bf70475d9f5a656143d
    • SHA1: ef1837c7b61013524bc7800dcb5438ee315ff02c
    • SHA256: d52e0d5d4a1af3a9d2c83d6d7afca153a7b1d219f999e4e8f2315c79487b02d6
    • SHA512: 4135d747d9ca434b1c97c1f7ac62ca9406f587549b035303bf99ea30d722203eb5a23f742cd2a4c74390da861dc6122f8dbb30b4579637e67d9f9a61a822544e
    • SSDEEP: 49152:d3Z0tg7QSmghqYxeme9qomrvikGbRNDRklVqLFBoxvdVYZLCgv2MR:X0qFk8vikGbXDRklVqJBox01v2MR

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks