General

  • Target

    39773c972462e8898701f2d931996050_NeikiAnalytics

  • Size

    339KB

  • Sample

    240510-bnmcfade88

  • MD5

    39773c972462e8898701f2d931996050

  • SHA1

    f2b49a13b5c41ad47530a87d3778ceccef581235

  • SHA256

    180b9d7dd8aa247e09ba8c3251ff59b94696c97ee52d4bab8d649664f9d136c0

  • SHA512

    2d1497fa3500d9a3d98fd98bf4f0fd65199a52d8ba9bee53422a3754a3768094a2441b454dd3aa5783df4552c932dd029a25c511ffdbf98d696f214c7db4eadc

  • SSDEEP

    6144:fn+6ZMDkaGyzBQjBzahZKeKxQ/ynQmvrVn1VZlEE9VX4fzi4Zobv:PMDkaTBcUhZVKmqvTVrZl1Vomz

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Target

      39773c972462e8898701f2d931996050_NeikiAnalytics

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
