General

  • Target: NEAS.bd711982026f3a86ef657bcfc639ca30.exe
  • Size: 203KB
  • Sample: 231013-zehvnaha92
  • MD5: bd711982026f3a86ef657bcfc639ca30
  • SHA1: e2bd2b0dd4e8823e3a29679acefc54d2804190cb
  • SHA256: 33c550e7d8a526bf5fa92c9946a292769cb78d4f54b7221a6960740feaccc8eb
  • SHA512: 510bc867f1da1dbe7a31bcb5b7db9f43323388b1dc69125ba4144a363e862c4bd0bab7ae2b11702e343787b84889c03c654190c2fd213135db7cf02fc1313700
  • SSDEEP: 3072:DPijU4kcITkEnbBvByrEVoULptsdXfBo/DBJBGzkP9T:LijBkcITtnbBvnjLpSa/B

Score: 10/10

Malware Config

Extracted

  • Family: urelas
  • C2: 121.88.5.183, 218.54.28.139

Targets

    • Target

      NEAS.bd711982026f3a86ef657bcfc639ca30.exe

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
