General

  • Target

    3489facc929b98316bbfd271f981f641756b64b458f7103dc1d7abd6abe8cf04

  • Size

    432KB

  • Sample

    240911-nn8a5axfrn

  • MD5

    0ace1ecf3758e0f430a7edc64dbb7b91

  • SHA1

    533bbf5cedbea8300ae65b57756c9df8f7fd91a1

  • SHA256

    3489facc929b98316bbfd271f981f641756b64b458f7103dc1d7abd6abe8cf04

  • SHA512

    fb7dbfeabd1392feb0c54a79def2e226c094ab3481ba120ca73913afe9ccbd470642e424409e0ee2bda99cf605c2b082fd9b05804c47bb4b1ce0640b4043c8f2

  • SSDEEP

    6144:kWVjhIkFiLd+GpZHH3VR0HQTHxrN41QxZ9Z3J0l6bMOk/VkNim+OK+l8O:kKhPFi5+kZHHn0wtNDLbFEyPb

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

45.91.200.135

Targets

    • Target

      3489facc929b98316bbfd271f981f641756b64b458f7103dc1d7abd6abe8cf04

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks