urelas | 56cfad78febf1f87650569c7f76b0a40019a12bd5f2413311c63671f0a5261f5

Analysis

max time kernel
2s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb71b6fcbddec2c349b9ccaa742e030.exe
Size

509KB
MD5

0cb71b6fcbddec2c349b9ccaa742e030
SHA1

78e3632f4dd80b7b4bde3ac593311aa94a7fef59
SHA256

56cfad78febf1f87650569c7f76b0a40019a12bd5f2413311c63671f0a5261f5
SHA512

3157abc0779c52bd115c745e18c18dffa73e0a91958c1f7a4ded175d503324890efaa24a0f79d5695a8ae1d1d11bd8dcbd12ae4d32e09131ef64714b7d273733
SSDEEP

12288:j/fCEOMsm8nc3qWQ8wqKhb43nLl5tDrXlFV:j/D0caF8wvhb43pDbV

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Signatures

Urelas
Urelas is a trojan targeting card games.
trojan urelas
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0cb71b6fcbddec2c349b9ccaa742e030.exe
"C:\Users\Admin\AppData\Local\Temp\0cb71b6fcbddec2c349b9ccaa742e030.exe"
1⤵
PID:3588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
  2⤵
  PID:3612
- C:\Users\Admin\AppData\Local\Temp\neyjv.exe
  "C:\Users\Admin\AppData\Local\Temp\neyjv.exe"
  2⤵
  PID:4712
- - C:\Users\Admin\AppData\Local\Temp\depub.exe
    "C:\Users\Admin\AppData\Local\Temp\depub.exe"
    3⤵
    PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_uinsey.bat

Filesize
276B

MD5
905d92a471d869ff9e754232d32a642d

SHA1
fcf0e22ab8dc57dee0c42e9c5ef3697b91fa25c4

SHA256
c4f8d1a1ad88a86b8b87b210fe3c43aa0536c242cc61b98ad6aa6fb80471631d

SHA512
560b886ea7f9ba22ecdf3e12736d54b3216774bb5078ddeb7f49d5e33e66ef4877be6ea4bf67ac3720f977a91608d7f2fe0454a3156062536bc50bdc991ba3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\depub.exe

Filesize
16KB

MD5
b74ec07ae016d859498a1db6647ff960

SHA1
99a93382b55dc26d83e95622f2629a9ef2073856

SHA256
83544b36fda84d31541d60db12576c5be2c6fad5514604a6e1c8d4a9ac046304

SHA512
a8b1e57b088a845e6eb82fe335236b5b92dcf720cedbe142106135b7312250e07279a499788cf832f91c6a13098185f3b95eb887a01ed4144da28e2373e97e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\depub.exe

Filesize
36KB

MD5
e9548c807ba67c9f2ce65a0718387082

SHA1
0656b93b6727c3bca74f9dcad25a0d014bba6ebb

SHA256
4925f73df86bdf00c07490a0eaa10ed4f31a77abd2fe752cb63d23c543a06d5a

SHA512
7c1fe0b5a707409bbc654a4a9fc75b7e94177c8ab11c747644682908506347974a88598f8690095fe107d83db83b25244a7bbb5988a356749d32cbeff52c49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\depub.exe

Filesize
5KB

MD5
3492a8dd91a8f4c6ca8fbde9ba72b86e

SHA1
974575f4591d8c242d28817c21d70af26d047268

SHA256
429216739434f962466e07fc6c400e711204f57025f5d75957d131801bbaadf8

SHA512
c773ea2612ca7f2da0d8d70947642c1c3e69d569048b998c618312d444e230950d2eb3168ea2c286a75a9527fb6a1b49f1524f9a80282301e826eea17a200577

Download Submit
C:\Users\Admin\AppData\Local\Temp\golfinfo.ini

Filesize
512B

MD5
26ab5ed04cf5cf30c6e93cf0df42c6fc

SHA1
79bcaa474816cfb32843f12bcdf28a03e9b0a289

SHA256
c41b84d6782effd40fcd521c049e2d6e96471d9c6ba7e332ed00da12cecab899

SHA512
724026e310e44d31028534108113cacb102d2cc48f3d70bfa0fe6dafdd8f51b7a3320d470065edd2ae93f9682d0f4c2ec93c88b0df0866ae9ed704a0bcf9f1eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\neyjv.exe

Filesize
74KB

MD5
7d0012d90099cae797e9db42a37424ec

SHA1
a022b0ca05d0c97f9be93a2ef8abf56099d6bc27

SHA256
6750d6a06c427811df153688758bb653d7177f68aa6cccc7ca2c985ab6f8a0e0

SHA512
71be5c76393d5ef8f7f7c8ef6eb213e2ca216f7210c68358450e6f3833fca5323e1b1711f4c504c1cad46d29e1e69e27459086619c0a644528aa67db5cd02a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\neyjv.exe

Filesize
24KB

MD5
ad98f94458205d5c3e2db39260fa32a5

SHA1
7bd7abc6354e47c33a6a984de8e453fc5210f8d7

SHA256
b7691c58fe63d7972ee31950367889d3db32acb66fefdfea1d105fe808795f55

SHA512
28864ea6f90eb62a889e8d447e4ea0c882308d62eb0b3b62d5c3293408ecad4c0ad4043adc26a8384150b021979d8efbda47d01a8edcbf283ba6d3e97857ea94

Download Submit
C:\Users\Admin\AppData\Local\Temp\neyjv.exe

Filesize
96KB

MD5
0683b669410723ae6518d8916602f14b

SHA1
fc415272761d985587a2882f0f55982c15d250e7

SHA256
16a851eeae796b4d77f5332c0a47fb97c7ddf9abcfdd924858173a4df6241e10

SHA512
7574597397431c5a57f03fc71b7fe0a3e60027a4eef577762eeeb56bfd53333ed35bfcd27d83421257b68bbeaa20df4aa6ce3a44ab6fe75441df071fe1bd8d6c

Download Submit
memory/2028-32-0x00000000001F0000-0x00000000002AB000-memory.dmp

Filesize
748KB

Download
memory/2028-27-0x0000000001260000-0x0000000001262000-memory.dmp

Filesize
8KB

Download
memory/2028-26-0x00000000001F0000-0x00000000002AB000-memory.dmp

Filesize
748KB

Download
memory/2028-31-0x00000000001F0000-0x00000000002AB000-memory.dmp

Filesize
748KB

Download
memory/2028-29-0x00000000001F0000-0x00000000002AB000-memory.dmp

Filesize
748KB

Download
memory/2028-30-0x00000000001F0000-0x00000000002AB000-memory.dmp

Filesize
748KB

Download
memory/3588-0-0x00000000000A0000-0x0000000000126000-memory.dmp

Filesize
536KB

Download
memory/3588-14-0x00000000000A0000-0x0000000000126000-memory.dmp

Filesize
536KB

Download
memory/4712-12-0x00000000005B0000-0x0000000000636000-memory.dmp

Filesize
536KB

Download
memory/4712-25-0x00000000005B0000-0x0000000000636000-memory.dmp

Filesize
536KB

Download