General

  • Target

    234d6b88e2233488b2eb88415c3e739c.bin

  • Size

    231KB

  • Sample

    240607-bhpwdaga29

  • MD5

    651bf9ca0eadc267e402a579ceefb66f

  • SHA1

    d21fc8f701d2adc4e3bada1e7086809480c67f88

  • SHA256

    072365a14be0a827cbb8c1a4b5a916f8c0c68b63e665a3886646ff2f8adc6196

  • SHA512

    9e920f93ef5a505d7fa0a302ab2f52dc15cb7f6cca1beefd409b1bf0bd46b37e6d737209abe006920e59dd66edd75fa5ab6d7976ead6434a0b169872ffba5691

  • SSDEEP

    3072:RiJ5qbPzL5AjBx/jj97fTpVqYE3pjMgGRKh1HuwwQp8zsCb52dwyhhq2TAxO4WNv:RifoPxAjHn9jTpYuRMTisq2RvP7xJh+G

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      22468ceb0f9991c618e4d682d304b195a65e60a6f507629561106ed815b81f3b.exe

    • Size

      352KB

    • MD5

      234d6b88e2233488b2eb88415c3e739c

    • SHA1

      fbbb9ab5a95b4947da0a5c03896d11e570c0b297

    • SHA256

      22468ceb0f9991c618e4d682d304b195a65e60a6f507629561106ed815b81f3b

    • SHA512

      ab4f7d3c930a7af65855f8233d76a205b5e5a564c12425605cc33f0a38607327f1a617126b3feb408c8ae5ab2f5e95e199e6edf2ae80f0b5b4dda8897bb83414

    • SSDEEP

      6144:imasVRdSnbzhOnEmKugskS7gqHVkG8rj7G3trkHiT:imasVREnbljMgtHO6z7G3D

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL
