General

  • Target

    ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0

  • Size

    336KB

  • Sample

    240415-l2frxsbg34

  • MD5

    4d73dce22d36105014e589a7cdd5ad04

  • SHA1

    cb930cdce8251fb84ab6f6b88792dfe01f84e7c4

  • SHA256

    ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0

  • SHA512

    e68f109245eeb50a3e3052b13ccc005905b99f25fb08b06d6c8011019e46a075dead58ec4903cb40e78d6c5697f97dab0d7ebcb241b1ba064f168baa4ef4a8f1

  • SSDEEP

    3072:Odk4+c0ObwJPNLHn0rQnSt2+ePTx35RKd9lVOuSj1prrqxHzFYqy7sMaC1rv6+El:hPPtH0kSt2A3Sxu9FYiC1rvvEN3O

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
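The two C2 addresses and the check-in path above are the actionable part of this report. The following is an added example, not part of the Triage output, showing how a responder would turn them into a hunt over proxy logs: a request to either C2 address is a high-confidence hit regardless of path, while the path /advdlc.php on an unknown host is flagged separately as possible new infrastructure for triage rather than treated as an infection. The log format and every log line are constructed for illustration; the client and non-C2 host addresses are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Indicators extracted by the sandbox from this sample (see "Malware Config" above).
GCLEANER_C2 = frozenset({"185.172.128.90", "5.42.65.64"})
GCLEANER_URL_PATH = "/advdlc.php"

# Constructed proxy log lines (not real traffic): "<epoch> <client> <method> <url> <status>".
# Client addresses and the 203.0.113.7 host are hypothetical placeholders.
SAMPLE_LOG = """\
1713180001 10.0.0.15 POST http://185.172.128.90/advdlc.php 200
1713180007 10.0.0.15 GET http://5.42.65.64:80/update.bin 404
1713180012 10.0.0.22 GET http://cdn.example.net/assets/app.js 200
1713180020 10.0.0.31 POST http://203.0.113.7/advdlc.php 200
1713180025 10.0.0.15 GET http://185.172.128.90 200
malformed line without a url
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one log line into a dict (ts, client, method, host, path, status); None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()   # hostname strips any :port
    path = parts.path or "/"                # a bare "http://host" is a request for "/"
    return {
        "ts": int(m["ts"]),
        "client": m["client"],
        "method": m["method"],
        "host": host,
        "path": path,
        "status": int(m["status"]),
    }


def classify(entry):
    """Map one parsed request to an indicator label, or None when nothing matches.

    'c2_ip_and_path' - known C2 address plus the configured check-in path (high confidence)
    'c2_ip'          - any request to a known C2 address, whatever the path (high confidence)
    'c2_path'        - /advdlc.php on an unknown host: possible new infrastructure, needs analyst review
    """
    ip_hit = entry["host"] in GCLEANER_C2
    path_hit = entry["path"].lower() == GCLEANER_URL_PATH
    if ip_hit and path_hit:
        return "c2_ip_and_path"
    if ip_hit:
        return "c2_ip"
    if path_hit:
        return "c2_path"
    return None


def hunt(log_text):
    """Return (client, host, path, label) for every request matching an indicator; unparsable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            hits.append((entry["client"], entry["host"], entry["path"], label))
    return hits


def infected_clients(log_text):
    """Clients with at least one IP-based (high-confidence) hit; path-only hits are deliberately excluded."""
    return sorted({client for client, _, _, label in hunt(log_text) if label.startswith("c2_ip")})


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print("isolate:", infected_clients(SAMPLE_LOG))
```

Keying the containment decision on the IP indicators only is intentional: the path is a single generic PHP filename that other infrastructure may also serve, so a path-only match on an unfamiliar host is a lead to pivot on, not grounds to isolate a machine.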

Targets

    • Target

      ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0

    • Size

      336KB

    • MD5

      4d73dce22d36105014e589a7cdd5ad04

    • SHA1

      cb930cdce8251fb84ab6f6b88792dfe01f84e7c4

    • SHA256

      ad1a55297078632470302dcc6e350965122c44bcbedeaadbaf87f992a5836ee0

    • SHA512

      e68f109245eeb50a3e3052b13ccc005905b99f25fb08b06d6c8011019e46a075dead58ec4903cb40e78d6c5697f97dab0d7ebcb241b1ba064f168baa4ef4a8f1

    • SSDEEP

      3072:Odk4+c0ObwJPNLHn0rQnSt2+ePTx35RKd9lVOuSj1prrqxHzFYqy7sMaC1rv6+El:hPPtH0kSt2A3Sxu9FYiC1rvvEN3O

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to certain regions.

MITRE ATT&CK Enterprise v15

Tasks