urelas | 109e35b327c59a354b2611bfc2cdfb889b2644cca2b396332f11965286979ef2 | Triage

Submit
Reports

Overview

overview

Static

static

7

NEAS.b0b4d...JC.exe

windows7-x64

NEAS.b0b4d...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.b0b4d7237d84ac0554025d3783738490_JC.exe
Size

335KB
Sample

231101-qggkyagf7v
MD5

b0b4d7237d84ac0554025d3783738490
SHA1

a7c022f047afe8ca3d415934632a39432cad298a
SHA256

109e35b327c59a354b2611bfc2cdfb889b2644cca2b396332f11965286979ef2
SHA512

a2040ae495d8a51120baeaf981fba99d36fbc3d9aa20375b3b8b18bc5ff84e68c3c46ffd1fe968f1bdf2894a9020e6490532191a35837619754fda4531f0e638
SSDEEP

6144:fn+6ZMDkaGyzBQjBzahZKeKxQ/ynQmvrVn1VZlEE9VX4fzi4ZooQ:PMDkaTBcUhZVKmqvTVrZl1VomB

Score

10^/10

urelas aspackv2 trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.b0b4d7237d84ac0554025d3783738490_JC.exe

Resource

win7-20231020-en

urelas aspackv2 trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.b0b4d7237d84ac0554025d3783738490_JC.exe

Resource

win10v2004-20231020-en

urelas aspackv2 trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  NEAS.b0b4d7237d84ac0554025d3783738490_JC.exe
- Size
  
  335KB
- MD5
  
  b0b4d7237d84ac0554025d3783738490
- SHA1
  
  a7c022f047afe8ca3d415934632a39432cad298a
- SHA256
  
  109e35b327c59a354b2611bfc2cdfb889b2644cca2b396332f11965286979ef2
- SHA512
  
  a2040ae495d8a51120baeaf981fba99d36fbc3d9aa20375b3b8b18bc5ff84e68c3c46ffd1fe968f1bdf2894a9020e6490532191a35837619754fda4531f0e638
- SSDEEP
  
  6144:fn+6ZMDkaGyzBQjBzahZKeKxQ/ynQmvrVn1VZlEE9VX4fzi4ZooQ:PMDkaTBcUhZVKmqvTVrZl1VomB
Score

10^/10

urelas aspackv2 trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasaspackv2trojan

behavioral2

urelasaspackv2trojan

© 2018-2024

Terms | Privacy