General

  • Target

    e9c8bf69a6d410a02da952248c0b111d2ab15ae1b8225bbc76ae0ed7f77cfa75

  • Size

    329KB

  • Sample

    240408-r39z2sfa8v

  • MD5

    ebe26fdff186b666d8efa26b0c5b01fb

  • SHA1

    55e50c556217033702be8f2bf2406c289e1a45cb

  • SHA256

    e9c8bf69a6d410a02da952248c0b111d2ab15ae1b8225bbc76ae0ed7f77cfa75

  • SHA512

    adad28543cf16511d2fc51a90d9f819a95c2990b775cbc0e7039c7a0eab0d58bfd80a5f973958bbb3d39cc5d169f1d603f1e8d5599539e0cbab0c144ce688856

  • SSDEEP

    3072:mqMNdvFveNv5nJDYS+npwazwXJ7V3Rerp7GBaOh+RCsomXC+rYq21icGqIizRjFz:mLGJnhdBkU2RPRYHkdqIOVDs

Score

  • 10/10

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    185.172.128.90

    5.42.65.64

  • Attributes

    url_path: /advdlc.php

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks