urelas | c048f581df7a53413f2abb679a44d7f2e93a703c0c5c5cc3b037c1daac7ec74d | Triage

Submit
Reports

Overview

overview

Static

static

cad9fd9cbb...86.exe

windows7-x64

cad9fd9cbb...86.exe

windows10-2004-x64

Analysis

max time kernel
0s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 16:53

Sharing

Copy URL Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cad9fd9cbb6118db912f4465eb3fa786.exe

Resource

win7-20231129-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

cad9fd9cbb6118db912f4465eb3fa786.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

cad9fd9cbb6118db912f4465eb3fa786.exe
Size

444KB
MD5

cad9fd9cbb6118db912f4465eb3fa786
SHA1

aaa46a59b9a73766ba461c7f2d00cfbbdb563925
SHA256

c048f581df7a53413f2abb679a44d7f2e93a703c0c5c5cc3b037c1daac7ec74d
SHA512

50d7fa156afe16c03b59776d5b163dd0349abe9de9127195a75943cfd3b3cf58eb413bda0406f3e23610d9ae6133108a26690f6ada3ba0cf584d5051ea884d01
SSDEEP

6144:oEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpjdOx:oMpASIcWYx2U6hAJQnMU

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Signatures

Urelas
Urelas is a trojan targeting card games.
trojan urelas
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\cad9fd9cbb6118db912f4465eb3fa786.exe
"C:\Users\Admin\AppData\Local\Temp\cad9fd9cbb6118db912f4465eb3fa786.exe"
1⤵
PID:4296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_vslite.bat" "
  2⤵
  PID:1148
- C:\Users\Admin\AppData\Local\Temp\lexuc.exe
  "C:\Users\Admin\AppData\Local\Temp\lexuc.exe" hi
  2⤵
  PID:4556

C:\Users\Admin\AppData\Local\Temp\fenoeq.exe
"C:\Users\Admin\AppData\Local\Temp\fenoeq.exe" OK
1⤵
PID:3456
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_vslite.bat" "
  2⤵
  PID:3448
- C:\Users\Admin\AppData\Local\Temp\xokod.exe
  "C:\Users\Admin\AppData\Local\Temp\xokod.exe"
  2⤵
  PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1512-37-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/1512-35-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/1512-41-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/1512-42-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/1512-43-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/1512-44-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/1512-45-0x0000000000470000-0x0000000000510000-memory.dmp

Filesize
640KB

Download
memory/3456-38-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/4296-0-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/4296-15-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/4556-24-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download

© 2018-2025

Terms | Privacy