General

  • Target

    ebf175f3cb1e37fe3740e183a34d7ea3dc4bf834fbd19115e6db1a7bf6e404d9

  • Size

    388KB

  • Sample

    240530-v9qrjafb7s

  • MD5

    6c41fca21045431e33fca1d5107beae6

  • SHA1

    6e20891c5fbe1148f8d85e2b6ea2be31dee36bf5

  • SHA256

    ebf175f3cb1e37fe3740e183a34d7ea3dc4bf834fbd19115e6db1a7bf6e404d9

  • SHA512

    794258cbafddafc04be75be6d304ef2ae9dd56b70761d2b96fddf0550a2d0dccde3243d5c8db4448ec40ef46a89761fd2c72c3e7f97c606665173513ad29083c

  • SSDEEP

    6144:djr9eltSqItUozTxEIknA6nqA6raILBSNWG6RXndF:1r9eltDITK4AR2S4ln

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
