General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230519-lwmchsga41

  • MD5

    21321336c670d1b96295499d7697c105

  • SHA1

    9ceaf33034147557c938e4f658ee2a054260c507

  • SHA256

    28298b9302a467ad92b509e1a961e5d98a5179f9cec7cebd1cfe50e844506a77

  • SHA512

    06a06558673b0cc435f50ca7c4d9e82d6a096f5b40b38967b9d785eab7d63f2c320b80c71456c41bc19b327d65cfd61cadce5b75a4b2684ccd5c9979aa08cf98

  • SSDEEP

    49152:KiJ6hloLsJLD7cAKYQ0E7OtjjgfKs8wuV:KiQhyLsJn79vAOtjGFI

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
