General

  • Target

    utweb_installer.exe

  • Size

    1.7MB

  • Sample

    231002-th4cwaeb62

  • MD5

    d2edd3dfe864a7c9f404eeaf31876b54

  • SHA1

    78bd37c62d63696bc709bb8cf5606efa6e99acfa

  • SHA256

    7f55c694a91d6fe4fb57e0becbe0a2494d2a7b16cb7b72e01dc5b8e3205fb3af

  • SHA512

    fd4b999c4ed8e47c413ab6347aa33bf7583df07f229196e880c90d80237e854cd7c07ce5b51adf7592e635eba9e79ac4826b162dd0cc007397e9721452b2b1c7

  • SSDEEP

    24576:37FUDowAyrTVE3U5FxMuvlzqEBd4U1u5QS2q5RqSb3G56T9A+7pqRb5:3BuZrEUlLtzbpAzRO56OsYR

Malware Config

Targets

    • Creates new service(s)

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks