General

  • Target

    NEAS.1be0175b239625d2b3ed3642c0a703e0_JC.exe

  • Size

    454KB

  • Sample

    231103-zv3vrsad2t

  • MD5

    1be0175b239625d2b3ed3642c0a703e0

  • SHA1

    f24a9b1e5d8ca62d936c6f320eeaa7b38a6e9272

  • SHA256

    a3d93ac6346281e7dee8546016bf2114e3d45e39210b1b45d4a70246d4fa4265

  • SHA512

    e661f10c66c97276665888c29c3e8341e87d0be098ae7750617e63a582817bbd6ef66860787f4de2fa6f1bb321bcf5e6053c10587c748eaa8bdb3a7334b859f7

  • SSDEEP

    6144:LEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhVOpdFRdm/3le:LMpASIcWYx2U6hAJVN0

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks