General

  • Target

    NEAS.cbe905ebeb4510ebbeae76aacfac70e0.exe

  • Size

    289KB

  • Sample

    231021-1dn6qabc28

  • MD5

    cbe905ebeb4510ebbeae76aacfac70e0

  • SHA1

    c6e815b74120f8e9aa50d3eb45af24a895e3c6e4

  • SHA256

    4410d3de681f8c4f4cb4f55fe465384c4d0d5e9403e505d4f7ab78e16e9e991e

  • SHA512

    308e219b417b7bdab974830111fd3568a02015f08ac8942b1e96d8ea97acdc70a9176e3438fcba93d3a4beeb029d7199eb2ed1704e6b483cfce44af7ee346ddc

  • SSDEEP

    6144:1VzEZ5YgoSsj/ZQUWvYqDUbsbX6EdK77RXW7VGwrLO8O7Pf:a7oSOWUWvXbX5g7pW7Jg

Score
10/10

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

121.88.5.182

112.223.217.101

Targets

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
