General

  • Target

    fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861

  • Size

    251KB

  • Sample

    240514-3cs5dsde6w

  • MD5

    cfa4a6a0f53745a8da3ebf200e704467

  • SHA1

    3107c8abda139b890d4b98f27ddc41a0f3034ff4

  • SHA256

    fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861

  • SHA512

    84eadd94e267003b42f9f12d96bc712e9757698c4521b7107530834a69e14b49d44b2019d3f5b9a549ece15208a92159347a96863dce2713d7489958d3407361

  • SSDEEP

    3072:UGRP4dODEy9Sj0rwwn9+3BgHRgvbhRAjmk+XxS9+d3ODbQsMx9N9p1nCdwst2j2C:SS3ck79hqbhRAmVxSsg4suN9vC32CmY

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php
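The extracted config above gives two C2 addresses and the request path the loader uses. The following is an added example (not tria.ge code and not part of the report) of how a SOC would turn those indicators into a detection run over proxy logs. The log format is a hypothetical space-separated "timestamp src dst method host path" line and the log lines are constructed for the example; only the two IPs and the path come from the page. A hit on a C2 address is rated high, a hit on the path alone is rated medium, since a short path string is a weaker indicator than a known C2 address.

```python
import re
from dataclasses import dataclass

# Indicators taken from the extracted GCleaner config on this page.
C2_IPS = {"185.172.128.90", "5.42.65.64"}
C2_URL_PATHS = {"/advdlc.php"}

# Constructed proxy log lines (hypothetical format: ts src dst method host path).
SAMPLE_LOG = [
    "2024-05-14T03:12:01Z 10.0.0.15 198.51.100.10 GET www.example.com /",
    "2024-05-14T03:12:07Z 10.0.0.15 185.172.128.90 GET 185.172.128.90 /advdlc.php?id=1",
    "2024-05-14T03:12:09Z 10.0.0.22 5.42.65.64 POST 5.42.65.64 /upload",
    "2024-05-14T03:13:00Z 10.0.0.30 203.0.113.9 GET example.org /advdlc.php",
    "not a log line",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>\S+)\s+(?P<path>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    reason: str    # "c2-ip", "c2-path" or "c2-ip+c2-path"
    severity: str  # "high" when a known C2 address is involved, else "medium"
    line: str


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def url_path_only(path):
    """Drop the query string so '/advdlc.php?id=1' still matches '/advdlc.php'."""
    return path.split("?", 1)[0]


def scan(lines, c2_ips=C2_IPS, c2_paths=C2_URL_PATHS):
    """Return a Hit for every parseable line that touches a C2 IP or the C2 path."""
    hits = []
    for n, raw in enumerate(lines, 1):
        rec = parse_line(raw)
        if rec is None:
            continue
        reasons = []
        # Match on the destination IP and on the Host header, in case the
        # request was logged by host name rather than resolved address.
        if rec["dst"] in c2_ips or rec["host"] in c2_ips:
            reasons.append("c2-ip")
        if url_path_only(rec["path"]) in c2_paths:
            reasons.append("c2-path")
        if not reasons:
            continue
        severity = "high" if "c2-ip" in reasons else "medium"
        hits.append(Hit(n, "+".join(reasons), severity, raw.strip()))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no} [{h.severity}] {h.reason}: {h.line}")
```

Running the block flags lines 2, 3 and 4 of the constructed log: the first two because they reach a C2 address (line 2 also requests the C2 path), the last only because of the path, so it is reported at medium severity for an analyst to confirm.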

Targets

    • Target

      fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861

    • Size

      251KB

    • MD5

      cfa4a6a0f53745a8da3ebf200e704467

    • SHA1

      3107c8abda139b890d4b98f27ddc41a0f3034ff4

    • SHA256

      fc351f28e8b2ed6ba6a176e4277483fb3ae15eb1b86e219510bdd92c17705861

    • SHA512

      84eadd94e267003b42f9f12d96bc712e9757698c4521b7107530834a69e14b49d44b2019d3f5b9a549ece15208a92159347a96863dce2713d7489958d3407361

    • SSDEEP

      3072:UGRP4dODEy9Sj0rwwn9+3BgHRgvbhRAjmk+XxS9+d3ODbQsMx9N9p1nCdwst2j2C:SS3ck79hqbhRAmVxSsg4suN9vC32CmY

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.
