urelas | 30bc6aac70c297dbc3f99cc8330d5cf5e0e67a71f87ed2342279501dae62a69a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3eb1e68377...45.exe

windows7-x64

3eb1e68377...45.exe

windows10-2004-x64

Sharing

General

Target

3eb1e68377fb22d4b531be21ecda0f45
Size

457KB
Sample

240409-17lbxshf5z
MD5

3eb1e68377fb22d4b531be21ecda0f45
SHA1

f2063ab713fb85b60db9bd9a756935ce1b1db294
SHA256

30bc6aac70c297dbc3f99cc8330d5cf5e0e67a71f87ed2342279501dae62a69a
SHA512

37d3c1aaac772a1f2e1811aebcd558681b41b2b21f5eb37a1a1f15cf8a132772a4d6d5ba13d4fc87f5f7f577afa3f2ec9342bb838318cfc7bcfdc73e4e3bf5ef
SSDEEP

6144:r/VW8rQ+dqof6VcVttGhZsXtvmqoI+CNLOnmIbCM2dWwh3gNUie2Jy+5vmSZGpq:ZtaQt+ZsFeI+CSZbyKLe2JPFl

Score

10^/10

urelas aspackv2 trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3eb1e68377fb22d4b531be21ecda0f45.exe

Resource

win7-20240221-en

urelas aspackv2 trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3eb1e68377fb22d4b531be21ecda0f45.exe

Resource

win10v2004-20240226-en

urelas aspackv2 trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  3eb1e68377fb22d4b531be21ecda0f45
- Size
  
  457KB
- MD5
  
  3eb1e68377fb22d4b531be21ecda0f45
- SHA1
  
  f2063ab713fb85b60db9bd9a756935ce1b1db294
- SHA256
  
  30bc6aac70c297dbc3f99cc8330d5cf5e0e67a71f87ed2342279501dae62a69a
- SHA512
  
  37d3c1aaac772a1f2e1811aebcd558681b41b2b21f5eb37a1a1f15cf8a132772a4d6d5ba13d4fc87f5f7f577afa3f2ec9342bb838318cfc7bcfdc73e4e3bf5ef
- SSDEEP
  
  6144:r/VW8rQ+dqof6VcVttGhZsXtvmqoI+CNLOnmIbCM2dWwh3gNUie2Jy+5vmSZGpq:ZtaQt+ZsFeI+CSZbyKLe2JPFl
Score

10^/10

urelas aspackv2 trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasaspackv2trojan

behavioral2

urelasaspackv2trojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.