General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    230214-sy682aed43

  • MD5

    25e89277045569984f3a8f2fbc35909e

  • SHA1

    a81bf3af112e3217b8390effbc813e0b6f3c1c1c

  • SHA256

    7843e05994244ed87c87b042b20bbde7bd76662b8c527537b71d685a9308751d

  • SHA512

    0cefc02bca1ab5c38a1c51db18939c5ee5f448921239ebe0dd1763710d9fe3f098105e244ce64ca736b88c6720ac982a5bd4452469bc9098bed740a01cfdfd14

  • SSDEEP

    98304:JHqduwgnhpJSL85mhsmx6gWX1YC8gjv2MR:dqgwehXH5mBx6gWFYC8ovjR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      25e89277045569984f3a8f2fbc35909e

    • SHA1

      a81bf3af112e3217b8390effbc813e0b6f3c1c1c

    • SHA256

      7843e05994244ed87c87b042b20bbde7bd76662b8c527537b71d685a9308751d

    • SHA512

      0cefc02bca1ab5c38a1c51db18939c5ee5f448921239ebe0dd1763710d9fe3f098105e244ce64ca736b88c6720ac982a5bd4452469bc9098bed740a01cfdfd14

    • SSDEEP

      98304:JHqduwgnhpJSL85mhsmx6gWX1YC8gjv2MR:dqgwehXH5mBx6gWFYC8ovjR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the loader can decide whether to run based on the victim's configured locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
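The extracted config (C2 addresses, sample hashes) and the two registry behaviour signatures above, turned into simple matching logic, as an added example that is not part of the tria.ge report or of GCleaner itself. The telemetry line format is constructed for the example, and the registry paths are an assumption: the report names the behaviours (country-code lookup, Uninstall key enumeration) but not the exact keys queried, so the usual locations for those values are used. It also computes the smallest CIDR covering the listed C2s, which goes beyond the exact IOCs and is meant for hunting adjacent hosting, not for blocking.

```python
"""Added example (not tria.ge output or GCleaner code): turn the extracted
config and behaviour signatures into IOC/behaviour matching and run it over
a few CONSTRUCTED telemetry records."""
import ipaddress
import re

# IOCs copied from the report.
C2_IPS = {"45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"}
KNOWN_HASHES = {
    "7843e05994244ed87c87b042b20bbde7bd76662b8c527537b71d685a9308751d",  # SHA256
    "a81bf3af112e3217b8390effbc813e0b6f3c1c1c",                          # SHA1
    "25e89277045569984f3a8f2fbc35909e",                                  # MD5
}
# ASSUMPTION: the report names the behaviours, not the exact keys. These are
# the usual registry locations for installed-software enumeration and for the
# configured country, matched as case-insensitive path fragments.
REGISTRY_HUNT = {
    "enumerates installed software": r"\Microsoft\Windows\CurrentVersion\Uninstall",
    "reads configured country": r"\Control Panel\International",
}

# 'key=value' pairs; quoted values may contain spaces (registry paths do).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def c2_supernet(ips):
    """Smallest single CIDR covering every listed C2 address. Deliberately
    broader than the exact IOCs: a lead for hunting, not a block list."""
    nets = [ipaddress.ip_network(ip) for ip in ips]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return str(net)


def near_c2(ip, ips=C2_IPS):
    """True if ip sits inside the C2 supernet but is not itself an IOC."""
    return ip not in ips and ipaddress.ip_address(ip) in ipaddress.ip_network(c2_supernet(ips))


def parse_record(line):
    """Parse a constructed 'timestamp key=value ...' line into a dict."""
    ts, _, rest = line.partition(" ")
    rec = {k: v.strip('"') for k, v in KV.findall(rest)}
    rec["ts"] = ts
    return rec


def classify(rec, c2_ips=C2_IPS, hashes=KNOWN_HASHES):
    """Reasons this record matches the report (empty list if none)."""
    reasons = []
    if rec.get("dst") in c2_ips:
        reasons.append("c2:" + rec["dst"])
    for field in ("md5", "sha1", "sha256"):
        if rec.get(field, "").lower() in hashes:
            reasons.append("hash:" + field)
    key = rec.get("regkey", "").lower()
    for name, fragment in REGISTRY_HUNT.items():
        if fragment.lower() in key:
            reasons.append("behaviour:" + name)
    return reasons


def scan(lines):
    """Return (ts, host, reasons) for every record that matches."""
    hits = []
    for rec in map(parse_record, lines):
        reasons = classify(rec)
        if reasons:
            hits.append((rec["ts"], rec.get("host"), reasons))
    return hits


# Constructed telemetry, not real logs: one infected host exercising each
# signature, one benign host, and one host talking to the C2 /25 but not
# to a listed IOC.
SAMPLE_LOG = [
    "2023-02-14T18:21:07Z host=WS01 proc=file.exe "
    "sha256=7843e05994244ed87c87b042b20bbde7bd76662b8c527537b71d685a9308751d",
    r'2023-02-14T18:21:09Z host=WS01 proc=file.exe regkey="HKCU\Control Panel\International\Geo\Nation"',
    r'2023-02-14T18:21:10Z host=WS01 proc=file.exe regkey="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    "2023-02-14T18:21:12Z host=WS01 proc=file.exe dst=45.12.253.72 dport=80",
    "2023-02-14T18:22:00Z host=WS02 proc=chrome.exe dst=142.250.74.46 dport=443",
    "2023-02-14T18:22:30Z host=WS03 proc=svchost.exe dst=45.12.253.9 dport=80",
]

if __name__ == "__main__":
    print("C2 supernet for hunting:", c2_supernet(C2_IPS))
    for hit in scan(SAMPLE_LOG):
        print(*hit)
    print("WS03 near C2 range:", near_c2("45.12.253.9"))
```

The four C2s share the first 25 bits, so c2_supernet returns 45.12.253.0/25; the WS03 connection to 45.12.253.9 is therefore flagged by near_c2 as a lead worth pivoting on even though it matches no exact IOC, while the sample-hash, registry and C2 hits all come from WS01.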
