Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file

  • Size

    2.3MB

  • Sample

    230211-zvrgqshf21

  • MD5

    11bb256b9b43ffb666c3abcffcc8985d

  • SHA1

    26fab419bbb2d9d778cfd400f512dc354a9d2414

  • SHA256

    8856ac67de3316afe901f58eab21ed2c09dde7d7ab12b29bc63a23cbdb69f8d0

  • SHA512

    76227d3b8bfe8cf90fba2c70f8bd06b6f63b71ec1e5e5000b5b6d8807eef113fca2f38daa200fdc3a8aae550eceed14e163b3de0fb064556b8b3f40cc4e871ec

  • SSDEEP

    49152:rdHCq/NPD9HL2guU+1JbaXYnQTzE/olADX5s2IkLCgv2MR:JH3BD9HLtw1J3Q3E/oWsFUv2MR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file

    • Size

      2.3MB

    • MD5

      11bb256b9b43ffb666c3abcffcc8985d

    • SHA1

      26fab419bbb2d9d778cfd400f512dc354a9d2414

    • SHA256

      8856ac67de3316afe901f58eab21ed2c09dde7d7ab12b29bc63a23cbdb69f8d0

    • SHA512

      76227d3b8bfe8cf90fba2c70f8bd06b6f63b71ec1e5e5000b5b6d8807eef113fca2f38daa200fdc3a8aae550eceed14e163b3de0fb064556b8b3f40cc4e871ec

    • SSDEEP

      49152:rdHCq/NPD9HL2guU+1JbaXYnQTzE/olADX5s2IkLCgv2MR:JH3BD9HLtw1J3Q3E/oWsFUv2MR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks