General

  • Target

    NEAS.5c0f0962b050399f72bffc051720c165.exe

  • Size

    195KB

  • Sample

    231028-wf4a7sed34

  • MD5

    5c0f0962b050399f72bffc051720c165

  • SHA1

    58dd5d89316c04d92997e85f8a18fe7b339155e7

  • SHA256

    8cedfb1d7306c80e93b354efbcaf1fb1913ac74079bd36e43f753740a7253ae6

  • SHA512

    bf681ba986bee0b88345c82e38d4eea22bcaccdd557e066e466fa0fb957b1a0ec18f28a436755be96b404b51da67c268de463f14463f7b45bb76e6e3cf72b830

  • SSDEEP

    3072:ulOCNlACeMKV6ETiiXd60iuic+XzoWad5N443nsexP:ugCNSv6p8lec+cTiqsexP

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

    • Target

      NEAS.5c0f0962b050399f72bffc051720c165.exe

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
