General

  • Target: 4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f.zip
  • Size: 237KB
  • Sample: 230308-p1v21abg23
  • MD5: ab6b1f528c3c6be634c9dbaf036db83a
  • SHA1: a4a905dada426b94ba4cf08dbb6d57fc704a4fc6
  • SHA256: 7b04c75b0055274afb925e2b507c26d4bd3b465d40ddc5007a98137372186dc9
  • SHA512: 2546ff55cb63c758efa27b2e0a4efcd77097574fce8cf7c93f8a1b9b52fb4b662e7b22db341bb8dd7df997ba4d9522e2e10b1c29a9a0d6125aa1e8c45097b459
  • SSDEEP: 6144:/k1LvXogCoo/PypoRjUE/L2lBMwEfSWIjQ1Fu7e5V507APFhT:Gz4gHo3UARfS4zzV8A9hT

Score: 10/10

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • Target: 4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f.exe
    • Size: 385KB
    • MD5: 34f8808d1a51641fac355ba5c92f7114
    • SHA1: eb6774b48254e0b37f357dffb5ea620bc8cca5f3
    • SHA256: 4fbb67c0ef74f07ac1b31dba5d136938735bbd00544d27b4931a4a79e12f1f5f
    • SHA512: dfff6523cf9393c3a9e41925c6a8905ea4be3155a46334193ed839b783288ed7ccb9fe946411d2c1e896eb839d8cb3e76ed1cadb1987f616fdede1940d2146a5
    • SSDEEP: 3072:t5uIKIRGXJuLGNafEnyKWus/1T6J2d+kVojCI40+/xJP92VBY3TQGcuD4EBWrFVU:YI6uLGcE70dpd+kVx1x/2VWxcu8sWR

    Score: 10/10

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks