General

  • Target: e5516483111786f534cb82777d534a38.bin
  • Size: 2.7MB
  • Sample: 230215-b829dsha7z
  • MD5: 01c3f03ec8a93ac173d50c7fa70177d0
  • SHA1: 628c53da20a1067611f12ece4152304c1abc754b
  • SHA256: e3a8dccf194fb06cb86657e9d9e83f74dcf2370cc7553cc58c08d2baace9bcac
  • SHA512: 0b215245f864d161d0922a66ae6f35921ee403fef13613791c367e0169158d8599109069ceb740e2fc387421868eaf9fd8b7a086f8e2e5bbd27f077e4c5f23ad
  • SSDEEP: 49152:8DEd6ovmRV/2uFMhSgM6dsrdiHWVvmVjKR/bFa19Kda+PGq0mFfXf8WQ3weS:8DEd60YdFESJ9DDbFqt037fP8WQ3FS

Malware Config

Extracted

  • Family: gcleaner
  • C2:
      45.12.253.56
      45.12.253.72
      45.12.253.98
      45.12.253.75

Targets

    • Target: 57650b5e0766eeeef908ed679d567d75777a5b1ca0dd7a3a6d86ce0f4527ae1e.exe
    • Size: 3.0MB
    • MD5: e5516483111786f534cb82777d534a38
    • SHA1: 2df0ea78a4395f1af80eb8580904f0875b499bd5
    • SHA256: 57650b5e0766eeeef908ed679d567d75777a5b1ca0dd7a3a6d86ce0f4527ae1e
    • SHA512: ed5a7b99e466d1a963fb8ded47b9b485214bef8f194aa134024842a61d1b53623105daad9d6dd1213d80da1c4b24cb606bac34695527924dda4451840107d08b
    • SSDEEP: 98304:JHWkYbxZxF1o4uqGgAMR6y8K4EGerDSbLDVsv2MR:dWkmBF1pvGgQ0ObLuvjR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks