Overview

overview

10

Static

static

3

NEAS.872a8...d0.exe

windows7-x64

10

NEAS.872a8...d0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.872a8871f090ce817f079b1fd6eba5d0.exe

  • Size

    83KB

  • MD5

    872a8871f090ce817f079b1fd6eba5d0

  • SHA1

    be39c7abeabc7c37ddbfce5e1d4c7222946fd122

  • SHA256

    6fc67be59975392c35d59cf8316d3788d311a79045dd8b1fc63cc2b879f74502

  • SHA512

    7cc288ae47d59b393a2f6cbeceb1b6e1636b1a6a4d1c437bde8f02fed888a19a1c48cc14963e0cfb1eacb2fc5f1f274ab8c9acb7a10e2d754c7e89810bcdb5d3

  • SSDEEP

    1536:71PWJsDkhsc5lw2tPZ1QF30BqIHr6jIfvx:i5l3m3aqI2Ifvx

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

218.54.28.139

121.88.5.183

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.872a8871f090ce817f079b1fd6eba5d0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.872a8871f090ce817f079b1fd6eba5d0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Users\Admin\AppData\Local\Temp\poldge.exe
      "C:\Users\Admin\AppData\Local\Temp\poldge.exe"
      2⤵
      • Executes dropped EXE
      PID:3140
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:2036

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      3f372385bf24b44385f4b1251d3aca4d

      SHA1

      83546de6ba8f20bd08a15896d34f6242ed64352f

      SHA256

      b5edef052667b8380ff98c9ff2029faaaa0b1931818a5ef011ce766193ceda27

      SHA512

      d2f888908ca52c1a99c3d45e83512e2eafd2cc3ae3b782ef0cc80165c4adaf7e488d1aba2028d83fc39e4b8c96c65f82436a10a94e319b9b8aec1f69cd76e5b7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\poldge.exe
      Filesize

      83KB

      MD5

      46257d0ec691b44c3df7a912d7ec7dc1

      SHA1

      80a5ab8bfc029e462a5ebaedb53042555bf7cb7f

      SHA256

      5f9bfc6ec50da112a1bbfc75c21f4b791da96d2a9426a2df7ec1846179a45b7b

      SHA512

      61b5859e4d7f4450b9fbf26def47d3478207b125f34bf6408a6b748822e959d5d80bebd63b973cb2d901a6b61ec8db33706ad9b4eb9ec49630baf899a82a93b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\poldge.exe
      Filesize

      83KB

      MD5

      46257d0ec691b44c3df7a912d7ec7dc1

      SHA1

      80a5ab8bfc029e462a5ebaedb53042555bf7cb7f

      SHA256

      5f9bfc6ec50da112a1bbfc75c21f4b791da96d2a9426a2df7ec1846179a45b7b

      SHA512

      61b5859e4d7f4450b9fbf26def47d3478207b125f34bf6408a6b748822e959d5d80bebd63b973cb2d901a6b61ec8db33706ad9b4eb9ec49630baf899a82a93b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\poldge.exe
      Filesize

      83KB

      MD5

      46257d0ec691b44c3df7a912d7ec7dc1

      SHA1

      80a5ab8bfc029e462a5ebaedb53042555bf7cb7f

      SHA256

      5f9bfc6ec50da112a1bbfc75c21f4b791da96d2a9426a2df7ec1846179a45b7b

      SHA512

      61b5859e4d7f4450b9fbf26def47d3478207b125f34bf6408a6b748822e959d5d80bebd63b973cb2d901a6b61ec8db33706ad9b4eb9ec49630baf899a82a93b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
      Filesize

      284B

      MD5

      b0fe2c4db1a504925687059a864773db

      SHA1

      b76ad7a1d91869061efa18cb3ed212810c56dbe2

      SHA256

      9414174ccd3c914de75aa98301d5606de5e5e7a59bbfe6b6e6632c848c77231e

      SHA512

      caa8a756e9e604153daab26934e0c7c3c14df4eda495ed0d6abe5e385c679dfab5997d2239bdf74cb67d3d70f5c5904ef8e0cc86d8f6dba1bd404c5734f90e1a

      Download Submit

    • memory/3140-12-0x0000000000850000-0x000000000087E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3140-18-0x0000000000850000-0x000000000087E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3140-24-0x0000000000850000-0x000000000087E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4816-0-0x0000000000100000-0x000000000012E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4816-3-0x0000000000100000-0x000000000012E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4816-15-0x0000000000100000-0x000000000012E000-memory.dmp

      Filesize

      184KB

      Download