Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    71de13b2b627f12dedcdb1024840a069.bin

  • Size

    2.7MB

  • Sample

    230215-bsyahahd56

  • MD5

    b70b2a98579445a8208503b172092f70

  • SHA1

    cae0e23f2499f979fba996241c1adabc44d43161

  • SHA256

    7ec03fdc696d8c974685b0a796bfbb8f02073374fe10ea82b8c0a4cf5304cf76

  • SHA512

    22b141536a6ffdc7e58273af609ba65ea5cb63e284edd491400780d5a047dc18525e9c0c1098ee05e4b3fcf9c11c4d0847afac88bb1ce7a84a8e98331714a917

  • SSDEEP

    49152:6aEdpO3HgTk6s8A8+X6Tcpmk4uWYcT53KuULXkG3UZbbm0F9Bc8wdpYLh:fEOCFs8A8+q4YkrWxDslc3m0F9aPrYLh

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      57d8a473c29df1db0747cf710dbec288a9b0b9d6db7373e74c13ad7a69726b2d.exe

    • Size

      3.0MB

    • MD5

      71de13b2b627f12dedcdb1024840a069

    • SHA1

      f6664727fa84515aecd42f58034bf429874e0a76

    • SHA256

      57d8a473c29df1db0747cf710dbec288a9b0b9d6db7373e74c13ad7a69726b2d

    • SHA512

      054540713891ca76f9782725e89971267d4504c7b9b00793daf4e3c74c2aa8ba0cd67856b1697500aa7f3c053df47fd01a170a55d75748c4069f9b74475a5787

    • SSDEEP

      49152:rdHTiUwfVwmLsSAac+rc+DKymbdxSx+2/GoZ00M2Ja8LCgv2MR:JHmUwumgQ7DKymbjh0Muv2MR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks