Overview

overview

10

Static

static

10

b586360358...fd.exe

windows7-x64

10

b586360358...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b58636035899bbbb9280a93a30e8b978592b73a8c7addb788f891e024449f3fd

  • Size

    491KB

  • Sample

    240420-b8tbgsdd25

  • MD5

    0a287ac0c249361596fdf85e768105ac

  • SHA1

    9f5018f53df712b8791670e2c73999a8013d8385

  • SHA256

    b58636035899bbbb9280a93a30e8b978592b73a8c7addb788f891e024449f3fd

  • SHA512

    d8bad6b7ab8314a28bba4aa2557b451e279ec42e4297e391c8b1dc7e09d156c9837c7017465593b8e853fc32c30301f2d30a33d2a8bbd5e68d532cdb994d9643

  • SSDEEP

    6144:LKQipZoO4wTpyFkHTMg7mZD4ioWLolzl7X25DJMGG8mnqYJhht/Uu9ri7bpIa:qpn7Cg7mZD4ioWwtX25DRmqirri2a

Score
10/10
urelasaspackv2trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Target

      b58636035899bbbb9280a93a30e8b978592b73a8c7addb788f891e024449f3fd

    • Size

      491KB

    • MD5

      0a287ac0c249361596fdf85e768105ac

    • SHA1

      9f5018f53df712b8791670e2c73999a8013d8385

    • SHA256

      b58636035899bbbb9280a93a30e8b978592b73a8c7addb788f891e024449f3fd

    • SHA512

      d8bad6b7ab8314a28bba4aa2557b451e279ec42e4297e391c8b1dc7e09d156c9837c7017465593b8e853fc32c30301f2d30a33d2a8bbd5e68d532cdb994d9643

    • SSDEEP

      6144:LKQipZoO4wTpyFkHTMg7mZD4ioWLolzl7X25DJMGG8mnqYJhht/Uu9ri7bpIa:qpn7Cg7mZD4ioWwtX25DRmqirri2a

    Score
    10/10
    urelasaspackv2trojan

    • Urelas

      Urelas is a trojan targeting card games.

      trojanurelas

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks