General

  • Target

    CCleaner.Technician.6.12.10490.Portable.rar

  • Size

    27.5MB

  • Sample

    230520-vdxvzade77

  • MD5

    3daf322c7167332c47b768ec97059890

  • SHA1

    afe3bdbbc5b1285ce14f135a905b652ae3ab3010

  • SHA256

    c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6

  • SHA512

    7dfc44aa1a87427ed019dc3ab2724b23461584e0f8078a0fc0280d3d266778ab4ca18b41c52de98abae039506f4cbe7a267f2181be29664d8aa11aed31511f3e

  • SSDEEP

    393216:wcyHO5JRbpNnZN1fuhmqfyE61oEA2vGDLMt7fW1ghVbBoI1xYvK9vudPX5XDefaR:wXHGJJqLlMt7u8bBogKipiPF/Xa4X

Malware Config

Targets

    • Target

      CCleaner.Technician.6.12.10490.Portable.rar

    • Size

      27.5MB

    • MD5

      3daf322c7167332c47b768ec97059890

    • SHA1

      afe3bdbbc5b1285ce14f135a905b652ae3ab3010

    • SHA256

      c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6

    • SHA512

      7dfc44aa1a87427ed019dc3ab2724b23461584e0f8078a0fc0280d3d266778ab4ca18b41c52de98abae039506f4cbe7a267f2181be29664d8aa11aed31511f3e

    • SSDEEP

      393216:wcyHO5JRbpNnZN1fuhmqfyE61oEA2vGDLMt7fW1ghVbBoI1xYvK9vudPX5XDefaR:wXHGJJqLlMt7u8bBogKipiPF/Xa4X

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner.exe

    • Size

      32.7MB

    • MD5

      79c9b293cfcf00a925b9c2de29551788

    • SHA1

      d9df445c7abb906ef54638865f3faabf2b054b38

    • SHA256

      8be625c9d9b17ec6529957221ef1ee951803fae647cf74c46382723b46fb626b

    • SHA512

      bfba25f62c480a21ae85911634cdd3c9f17a976bfcaed1130a5c253aa20a4b1612475c5ebb02b23978938979a7b3d393cb0e94592b81e192d1fcbedeead5deef

    • SSDEEP

      393216:I0OM+LR8MO0cz36nEy9larq8x2rxrxPCgQ/P9cND0oDtg8XrqNuIpfkl9hSkAePy:78LRFOr3hrD2rtZYHGVFIpg9PgKU

    Score
    6/10

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner64.exe

    • Size

      38.6MB

    • MD5

      964d6247907a943b157f46222b9e0081

    • SHA1

      59490157579368cb36206f41f6e6a358ffa8d867

    • SHA256

      6361b1927a8688276f234b01102cc252d1635516ffd2208d9f0c96212bfd0149

    • SHA512

      8c1ed9885f8c9159cc070c75421655f41ff0671d27c424c7e8774eaf9b18a9521a8153b38e0f555a568f5554dbf5bcb379276327c68761a125ae9ef19bf1ebe4

    • SSDEEP

      393216:knsB9c3+rEF/mxhPR+GPJHV9sRSCcRhLlDVrqNXzuIIrl9hSkAePYnh:ksB9cOrFPfZXsRSCcn3IIJ9Pg

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      CCleaner.Technician.6.12.10490.Portable/App/CCleaner/branding.dll

    • Size

      49KB

    • MD5

      44eaad1c89dd71258c31c7c4fd00b404

    • SHA1

      125e71b27ad8371a895b2ee03383b6bc81cdabeb

    • SHA256

      3fcdf0a04421dc1415c1c3fcf8ea072ad6396ece36d0f67de1a8dc66103e74d9

    • SHA512

      d6807c7282001198344225f479e39d2b4b8955b1aadbe64b7915160b973bce304645fd05f9810cf005a3eb95510c1e5e880af94236b0f6aff3f506b81fd907db

    • SSDEEP

      768:zzp6EMd6r10BuYMoH17aiT22DbssEKh6J5nmS2ky2uDDaaCYi/iPxWEdNrBb:zN+4r10fdKEQPKYJqo76PxpF

    Score
    1/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/App/DefaultData/CCleaner/Winapp2.ini

    • Size

      944KB

    • MD5

      b44e2c2e59443dfbe362777bec626675

    • SHA1

      8530fe37794fbf667640e760346867dbee28fb14

    • SHA256

      c9f05be4f6320624614a3a9af7e653a83d4f5fafe6eb21b3ed3ad3aca75acad2

    • SHA512

      19f72895e4dd3032a5132d1ac6f23a798e5676b1d233276121aa713bae95f3b353ffe84fc86c90e8dbbd10959b27f7415d0983717b832480746f30f5a066068a

    • SSDEEP

      12288:4FZg2wFqiMpykyaMdccHoozgQKwmYr/p4xxR+7j3NsLEQAI/CYltS34YbiU/XFJT:RFu7AI/CYEh

    Score
    1/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/CCleanerPortable.exe

    • Size

      83KB

    • MD5

      5aeed26e8407efdba31fc41fbe2014dd

    • SHA1

      d3284d5441d3c5ec9fa50c0aba100ed0d93f5c79

    • SHA256

      c63a1798b3d1884fd9fefda4a4fca2692ac14c56252b8238c55ce2f00edfb5f8

    • SHA512

      df1fda897f5a92cb9569fb9139656fd0f80f4b4f8c430e6fcfa246221cc0810157b3fd5a7772203f969f71471964345420e1635538adee5ee199a0aba1f44e28

    • SSDEEP

      1536:MQpQ5EP0ijnRTXJeTHUAQBKnTu73/Cp1jnFYicR5Ca7S1gU5kE4s:MQIURTXJeTUAQBma73/Cbnr45Ca76gTs

    Score
    8/10

    • Drops file in Drivers directory

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      CCleaner.Technician.6.12.10490.Portable/Data/CCleaner/Winapp2.ini

    • Size

      944KB

    • MD5

      b44e2c2e59443dfbe362777bec626675

    • SHA1

      8530fe37794fbf667640e760346867dbee28fb14

    • SHA256

      c9f05be4f6320624614a3a9af7e653a83d4f5fafe6eb21b3ed3ad3aca75acad2

    • SHA512

      19f72895e4dd3032a5132d1ac6f23a798e5676b1d233276121aa713bae95f3b353ffe84fc86c90e8dbbd10959b27f7415d0983717b832480746f30f5a066068a

    • SSDEEP

      12288:4FZg2wFqiMpykyaMdccHoozgQKwmYr/p4xxR+7j3NsLEQAI/CYltS34YbiU/XFJT:RFu7AI/CYEh

    Score
    1/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/Source/CCleaner.ico

    • Size

      18KB

    • MD5

      34a97908449c77fe6eb3dd36e6504d45

    • SHA1

      f04a09f0f74714fcbfffc475bf749b56c8a25c2e

    • SHA256

      e53228b0a17a8876ed337e0f23b653056036f21da0eb16c68ec7f427f3e2f9a1

    • SHA512

      cd84569bd13f3a60bbf04599696bb37eb897c0a2da3693433db050d6d545918200b00001ebed896c529f47429fcc54082cd35de51af7b720cf00b6c6b3b42662

    • SSDEEP

      384:qDbknhPp6G+05FGZq6hq1dCSLQQB2DsDMVy:cknhR3CHhqXQQB2DsDH

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortable.nsi

    • Size

      7KB

    • MD5

      72cf3fea8bb60b5aeaf3a9d149dc001e

    • SHA1

      af93cf58fdad6d165345129df3a283c87e2fa964

    • SHA256

      41bf7f7b142b9b6cbef6a056b32a6aadd3c3516c57a7014b0a793c1b545cc10a

    • SHA512

      94f65ab617a980fb0fec6b332a28bd260cc2d5ae01fd5ae916b52d32905f75499344155c41f56aa320c8c624992e294e22560c9d8b94a5021d5006e3fe91e9bb

    • SSDEEP

      192:0USjHN+9CLELx4IVL25hOZLQJdwvIHsGJT9tq71vmtqE:0USjHN+MLELx4IVLgsuJdUIMyC5vmtL

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortableInstaller.nsi

    • Size

      17KB

    • MD5

      0bb9a76eb7d3ec27349c7a4865ae820b

    • SHA1

      8893c96ec64383da352e3cc9e6c5e46cc1e9e041

    • SHA256

      8bb0edc9deb8f63faa50e8c51ec62f919ba3c55eaa33702545dd36b5d49ba5c4

    • SHA512

      f94e8985c545ee5f558874e718237c5fb201b21e5d1dac486ac7d752e65c4473d444c7f44ca2487e9108e1f225cafb981dd99477cbe934dc550d6ac1105999ef

    • SSDEEP

      384:QBUAU2Hy+zKlJ1O3fRqqIgwrHioXmKdTRgpxd/D40kkxYj2w6dkRlOa/gqeHh++C:QBuaav

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.dll

    • Size

      1.1MB

    • MD5

      1d609dde1bf42bd586dc6ffd9baec9ad

    • SHA1

      5fbef0f1da6ddb894e66ec9fb2940b2a6e2528c4

    • SHA256

      8621c36f640b15e24432289fa6576cfc0650b58ec7dc4e9bb368f770a7d1e063

    • SHA512

      d47b3aa894051df6b95dd8b691d8547cd2ab6f483f2d9251e17eb04487c89fbd109f64bf2bfbc37c907436af5a9af71493d70bd5497f155dc0d79123c141ccc6

    • SSDEEP

      24576:k//aDLAVLLZmB2jv1ZQbsx74v1ccjeIMasrPCjn/+WSiL+t:k/ELAzmB2jv1ZQb5vP+Cj+WSW+

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.exe

    • Size

      322KB

    • MD5

      e96ca76c61c71b3f424659d34a70e55e

    • SHA1

      2f2fc7fd4d9bd3700e24fc74edb0993f224cd782

    • SHA256

      604bbefa936ec531bad588a0faaf7df22d9b0187afda4fac1c04018948e831fc

    • SHA512

      563dc747f0d3dd79b8ea5caf8e487273645a38638cf06099db114108233fda002dfd189bafb57255c7b300b2270c1d1783394a6d9ee0eac7113329ae39ed4373

    • SSDEEP

      6144:7+FT3ZEFMicDwJytw9ppYII4n0nNF8Ar08gz+f6dI7r/DNI:7+wMiFctw9pCIh0nNPr/gwrNI

    Score
    1/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.bmp

    • Size

      51KB

    • MD5

      6e9d8e8699f0accc27aa9a1aac8b7e47

    • SHA1

      49caad3187ae8708b36889cad40a959679b52f25

    • SHA256

      fbddcd7882e0cf80452e58356e4d497ee6f08921665e27bd86049a0bb60d6be9

    • SHA512

      84f00c25371c6394e2a96640a344f1d7f9d35a2cf9080565cb03f3ae2f14bdbef05e3597a7943faadc201e847ada2ac0843347a375a58e267cb0948e397a226b

    • SSDEEP

      384:CaMEOFCq0dsgN/Lf53J/Q3BZCeVMz6aIlmXDT2lw6F0e53+Q09cPc/dSP:XMEyX0dF//Q3bCekBiFpHAi

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.nsh

    • Size

      5KB

    • MD5

      45af5430552609fe766493dd02fbc3b8

    • SHA1

      8e912d9bd4b72cf15fc4a1346f2cc677beb29161

    • SHA256

      4d2de35891814dd77ec372f3d9204813a30c3e89512768d4db283a76d07e3194

    • SHA512

      cc3228a6e531381d20da09d374a1b1d3d0583f82278f5c3578d0e98e1888bb3ce66bef5b44510cccf3b5db4abfe6bbab660fa7c703ddbaebbc7d9e4a25bab9e9

    • SSDEEP

      96:8Yu0E183yDYr0NUNojOf7uKlSVdeY583RBJns3HeB8TgQ:8t0E18CDYr0NUNoCj5LY8Vs3HvTgQ

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/Launcher.nsh

    • Size

      14KB

    • MD5

      526ef23976b8e0e0d9c23ce575cc91ca

    • SHA1

      335bde5372f9c36a6d668d40915163cbf341fbb8

    • SHA256

      b86841e8407d81da7bc51965e58a26a41a6760e2ef62489a5fca2f8830c2bb53

    • SHA512

      d66772ba0999c3f75f2a6dfc7fb68d50621cbeff6bcc3213145018a8c9a48e591f2e4a76f087e0ab05155c67cfff746f7c74f45550c5dc463cd4c4df93627ccf

    • SSDEEP

      384:gXzl1lm5uEVRLwEzVEaOQm0bSxkKp7ELpI6RhfaNUdK2HhqJ9mzU/YMI7p2wFozl:yzl1LXQm0e2KJypI63S2g2UICMph05/P

    Score
    3/10

    • Target

      CCleaner.Technician.6.12.10490.Portable/Other/_Include/Splash.bmp

    • Size

      42KB

    • MD5

      a4f20461b93fe1c21bb85fa6a01db6b5

    • SHA1

      7f44b55285fa5da77708ccf07d1b5fca6cac346a

    • SHA256

      e40d812697c440bb47ba4c1d33b41bb0e9b984b24fd724febac747e229915f42

    • SHA512

      bf735429294ce6e39b80e82e6677802548ea4e8463113dc10b49d249bc4bb65d03fb9cdcea5cabd73c157b75435e06211747b6837575e67665b464a5eb50003c

    • SSDEEP

      384:U0MF+uAzAq21Wb9ElgniP+MawBcl6kD6T+Q9l2:LkAz3bb9EOniROD6Tbm

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

bootkit, persistence

Score
6/10

behavioral4

bootkit, persistence

Score
6/10

behavioral5

bootkit, discovery, persistence, spyware, stealer

Score
7/10

behavioral6

bootkit, discovery, persistence, spyware, stealer

Score
7/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

bootkit, persistence

Score
8/10

behavioral12

bootkit, persistence

Score
8/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
7/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
7/10