General

  • Target

    NEAS.c0b531f0de9f7e8305b537535f9f0620.exe

  • Size

    200KB

  • Sample

    231021-1cx28sgh41

  • MD5

    c0b531f0de9f7e8305b537535f9f0620

  • SHA1

    63bb2cd5430eb483f7878378e8f9607f678a20a2

  • SHA256

    91d9bb403c6ce7eece8eaf345dca0e1baf5bf4591e6b426ba3d921fcb177405c

  • SHA512

    86a67320786bb7fab27d0c4cf8ce3824e571f8588fde2c8fc373cae20fd68f1e986a89abbb352857501959688cc3680308d3b07725a3812902900fdb93742fff

  • SSDEEP

    1536:Ti+N6u0utYGsoK2mEGIBp+WWN7YfEj77iZ76vVGU2AjZ1g9B5McLaRQLd764cGPP:eYYutRQSc/7c6tJZm9B5MuaRQLd7643H

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

    • Target

      NEAS.c0b531f0de9f7e8305b537535f9f0620.exe

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
