urelas | c8e9d09ad447ee95b879b7a55829d94a1aac2ecc6546942b9e08f7e3e5709088

Sharing

Copy URL

Twitter E-mail

General

Target

pepsi (2).rar
Size

4.0MB
Sample

240704-vsjxnazeln
MD5

f350ee1795b1e2cc6394ff72b15d7d95
SHA1

667405d3c3daeacc3ca576176558f4cdb539fc35
SHA256

c8e9d09ad447ee95b879b7a55829d94a1aac2ecc6546942b9e08f7e3e5709088
SHA512

bb6806c8828aa40640519931ce69bbff487e0c97002eb3844de6d1d135d5e50586176b69ab4e6e66b3db94106c7ce514b2bf471604b63c8c41344cd35a6bd799
SSDEEP

98304:S/lah4iAchEqIZfnSG2h6uwWODZN1vxaMC5tcoEO5Aq:S/ezyqIU+RWuZdaMceoyq

Score

10^/10

Malware Config

Extracted

Family

urelas

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  [DemonArchives]02602e9283805090b671a783870db86d.exe
- Size
  
  401KB
- MD5
  
  02602e9283805090b671a783870db86d
- SHA1
  
  809ec688610224990ca878201ecbfec4ea38234e
- SHA256
  
  c8ebb05354f37d413f536bb5d9250f18ee2344eae41512152e02d75961226f0d
- SHA512
  
  bfadd5d36d8c469851ae08aad0ab4aff901d96a0db7127eca9f5e534707a09577cdd28e850b95ff2cd0c00faccccce0f5537ce93273ceb5767530464c4969aa9
- SSDEEP
  
  6144:nNCRjh1Gndpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836PGyA7:n6jh8ndpV6yYP4rbpV6yYPg058KrY
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1
- Target
  
  [DemonArchives]0838231d7fbebe340c0ac71db0ef8c87.exe
- Size
  
  398KB
- MD5
  
  0838231d7fbebe340c0ac71db0ef8c87
- SHA1
  
  7ddacab2065a07b3cc15891d019eb6bbfaebb926
- SHA256
  
  3dc24aee494aa1c25f33d147f3d508a2562b1306b6c2e6b68a3aab8d0b55d1f3
- SHA512
  
  45d3702efe177ee6262105bb7e54d60e7bf4e418899f03f3f1d3cad4af9a9290b1a44e24edf77859fbd0c46012875f7dcf82b1d326496015ea486f3e4d38cb3d
- SSDEEP
  
  12288:s0gB6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:9gB6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral2
- Target
  
  [DemonArchives]0ad8190f1160f00fc831fb329262724b.exe
- Size
  
  391KB
- MD5
  
  0ad8190f1160f00fc831fb329262724b
- SHA1
  
  e6e1da6fadf4c91643426744f8b3d58741094d11
- SHA256
  
  a8919549aaa06216b5b2040ea46e739a034439dae3d7f12e8acb3eba03cba2e3
- SHA512
  
  f87bcfbe9b56b51037fd524adb0a575d16a008c4aad9c11088837f90af2d947a1cf8ba99c7a8f6fd6d6f3c6907834bd2facbfefad6eb322d33a0aa4531a91441
- SSDEEP
  
  6144:dcmnugfO/4Zdf69CaAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL:dcmuMO/8df6MmNtuhUNP3cOK3
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral3
- Target
  
  [DemonArchives]0bcfb8285b7397bcfc2ffb92a6c5ec9e.exe
- Size
  
  398KB
- MD5
  
  0bcfb8285b7397bcfc2ffb92a6c5ec9e
- SHA1
  
  3c4856f8589081268a4a61d8dce1a54fe199485d
- SHA256
  
  998a90c34cb83856eadfece5c0052715f77fc63fdce2eac18f1b77b2fbfb57a6
- SHA512
  
  92dbc3b60abacae0d5c6cda45d90c8f1b2918506961dc51c40dca6cdff19ffb86c9b3e799372856ac34a62bbdf6aedf093800bdabb3cf1ade0d19655e5e59c62
- SSDEEP
  
  12288:Yxvkwde6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:YxPe6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral4
- Target
  
  [DemonArchives]0dbf8f84a143e3e446242938dfd288ca.exe
- Size
  
  391KB
- MD5
  
  0dbf8f84a143e3e446242938dfd288ca
- SHA1
  
  a4b18e5656d80811ec155f3c1a2058bf1a56a05f
- SHA256
  
  2fcf2ca874d5d9c7b199efeb90f4fb7d49a2530c814a223bd09d0709bf77bb2a
- SHA512
  
  870701aaec92bc893eccf519f5ccf88fdd6e19a4b0db466b9f09ad4cd3d7275b8545ef8cf9283af24ea13e5354724843223f202db26b7b2a8af0d3216dfbcede
- SSDEEP
  
  12288:6KlT9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:R99XvEhdfJkKSkU3kHyuaRB5t6k0IJon
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral5
- Target
  
  [DemonArchives]13bba40208ea1f05d660ffad53c40c8c.exe
- Size
  
  398KB
- MD5
  
  13bba40208ea1f05d660ffad53c40c8c
- SHA1
  
  9673bf830c65e3c4de175b2900f219278747be0d
- SHA256
  
  e270f7d80f0999adf9faec7b4420296162720cbd4eaf1565469637b22449c2c0
- SHA512
  
  c6fdb3391488d0fe113dd7ec15b88dd403c6ba8f6d70ea93da12ef03a25403581a4ca5ed03d7533ae20685584c514cefeb12952546ffb9fa78b1a4fde1efb69c
- SSDEEP
  
  12288:UTz6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:Wz6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral6
- Target
  
  [DemonArchives]1443a4458c2b4af35c618a327b7c411a.exe
- Size
  
  398KB
- MD5
  
  1443a4458c2b4af35c618a327b7c411a
- SHA1
  
  f1305ec2fd753181bf7c46ad4f158eda7792abf2
- SHA256
  
  d7fdceb79120af55c3f7a741d91ad26107724b4e2811489d698e23abcf8ee2eb
- SHA512
  
  32e90a0a9797db215261706e7e92417c42ee87cf8390a8a622c9418b886bd6b2e6ef9e5ad104615525e7f2cce4bf2eaf734d7226544d3091f26d235b9db91571
- SSDEEP
  
  12288:tgLRC6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:tr6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral7
- Target
  
  [DemonArchives]15282a5c1d8e03a448ebc0b70e702a4c.exe
- Size
  
  400KB
- MD5
  
  15282a5c1d8e03a448ebc0b70e702a4c
- SHA1
  
  b0ace68b21297d0e28d9be701ec587f9e0de0cb3
- SHA256
  
  f6375abc46dcbce112a1e3ba861c41334dba32a4957dc4d7ef8b46da979ffadd
- SHA512
  
  1bde2938591cb4eda5e1718b28c69aab9f7b7f978fb583183dafe2a5b630231b13c26f695f510d7a3dd61a53ea843ae8a27bac3967e58b38f5c5a7e306ef2091
- SSDEEP
  
  6144:6u/L2rwCO+xqtDyB8LoedCFJ369BJ369vpui6yYPaIGckvNP9T9pui6yYPaIGckv:7uYtyWUedCv2EpV6yYPaNFZpV6yYPo
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral8
- Target
  
  [DemonArchives]156c78364b84a89c8e61f444c3c620c4.exe
- Size
  
  395KB
- MD5
  
  156c78364b84a89c8e61f444c3c620c4
- SHA1
  
  261feb74784a16e1e874344ba7b58a2147d010c1
- SHA256
  
  3b88c2f43976374821ba11bb4bba5a2efded13646486213538787e44f10ac3bf
- SHA512
  
  c39b598f8d762dd1326c87c6b78fb4f837fb9f713e9f3adc22dcdfe589b94cb984baa289974dfc3887b3815832017738515e41f9e332e917fb7752aa89381e74
- SSDEEP
  
  6144:v44OG5zs4y70u4HXs4yr0u490u4Ds4yvW8lM:3W4O0dHc4i0d90dA4X
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral9
- Target
  
  [DemonArchives]15ff3ff6cb29ac4c66a558d101e37068.exe
- Size
  
  395KB
- MD5
  
  15ff3ff6cb29ac4c66a558d101e37068
- SHA1
  
  5a54059011cd20ef3415fba73ce637231f5995aa
- SHA256
  
  b211748821d6be18fc724ae54016810bda9468556d40dd5e96c4d76b17ed296a
- SHA512
  
  d0820a86e48798e34472bbb9fc3c8434d72955ae3ddb9a86314c077c8c65b8afe65e84e94e08c3b2731b400bd861f3a21c46a8c16a0b99376929002229147d46
- SSDEEP
  
  6144:97Cuz8x0s4y70u4HXs4yr0u490u4Ds4yvW8lM:973AR4O0dHc4i0d90dA4X
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral10
- Target
  
  [DemonArchives]18227e20a5e842198e7271ae54397150.exe
- Size
  
  397KB
- MD5
  
  18227e20a5e842198e7271ae54397150
- SHA1
  
  c14df7a52d6e72bd4dececf81070a32bb0929881
- SHA256
  
  c5bf90a46a2e67b19a200697a81e38071ec90031c6f1131af0d89d4ba2f662e2
- SHA512
  
  4b22ed37f205bede421f462e2497488c09b926b2d68af6442bb88118c63ca36627145d7f854f15ec555be0b3c4c99534d2e864be99f7f37ade4bdee5f9938a0b
- SSDEEP
  
  6144:HbdZN30jAWRD2jvosK6mUzW96mFBuRFzWlH:xgLx67u6quRFzWlH
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral11
- Target
  
  [DemonArchives]1d957e984fcd6327f30f7006e2d11f3e.exe
- Size
  
  396KB
- MD5
  
  1d957e984fcd6327f30f7006e2d11f3e
- SHA1
  
  2bb0d753dbf15cc2bc77ddb65a19af172a2e5719
- SHA256
  
  6f5b438e345b6829c40e96e7a0e1e54d9a0125651606a075d415d5c83f13ab4c
- SHA512
  
  44e5ca8fec50a0526645bdb34e23adfc997ba19675912436435dc6f402993ef6021bda0848a41a2f4ab982f4631b1c7ad7dd8022c215837e4180308aad92c54c
- SSDEEP
  
  6144:WQevw9LshaiB00Bsn4X4s+ZKv3yr4X4743t5P6yC:uwELB+nisK3+i485P5C
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral12
- Target
  
  [DemonArchives]1e2c3685399d381aa04ba4d70651e38b.exe
- Size
  
  391KB
- MD5
  
  1e2c3685399d381aa04ba4d70651e38b
- SHA1
  
  7965ffc8c592b2ca14a7739343611c5b8fd3e70f
- SHA256
  
  0486b9913363db77c3fda63520eb8b6259036f3a9a0b005af80a35b6993e17f9
- SHA512
  
  585b7ecad6a0d9a9ac0ed601b957a09073e52771f4e094b4dbf98ac2ad5a65f291ba87efd8520c11c24a1072bf135735697a9e3fb9d472405d908a664f5604e9
- SSDEEP
  
  6144:65ExJPBIbhJaAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL:66kbmNtuhUNP3cOK3
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral13
- Target
  
  [DemonArchives]291b00fb921e80b1cf7e8154693947f0.exe
- Size
  
  396KB
- MD5
  
  291b00fb921e80b1cf7e8154693947f0
- SHA1
  
  e3cf2526ddb2ef16a0b17f353f1a45e235262fc4
- SHA256
  
  ad23e414994b3fd0b5301e15835aab30c7e39af7b53d9f51d354f514c76ee3de
- SHA512
  
  45c2145b0a1260e55734117651f237767d08a759c2b0932ba25bef37b81a95ef977b9ace820fba650f924d44b4dba3412d9f74e3fe920652525cb667ee353e28
- SSDEEP
  
  6144:FGBN2DSpwTQVDshaiB00Bsn4X4s+ZKv3yr4X4743t5P6yC:FGBN2S2QkLB+nisK3+i485P5C
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral14
- Target
  
  [DemonArchives]2b961a5aadff93e0d87b42e530d5a0e1.exe
- Size
  
  397KB
- MD5
  
  2b961a5aadff93e0d87b42e530d5a0e1
- SHA1
  
  6737ce510d0e77b726b9d248aee80653b6c5febb
- SHA256
  
  173aba5362bfe1265f0056ba2fa0eceb40018001e468a58fecf0a06bc9fcd5bd
- SHA512
  
  55a963f65639da9c13a88482d02a766942ba6cce7b5c02de69a3c2fc09d90128a1eb0667d21e577d04621021f8e9c13940efdcc516950ef000b3bed56f0e1380
- SSDEEP
  
  6144:8r5B8rguKyjJFDmV3cWLFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz15814:45BczKlFB24lwR45FB24lzx1skz15L
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral15
- Target
  
  [DemonArchives]2be60b607087d60c5353062345f97789.exe
- Size
  
  400KB
- MD5
  
  2be60b607087d60c5353062345f97789
- SHA1
  
  a34ef8d301141e34c5a87d731885fa338e938665
- SHA256
  
  2e6d6a7e4e003f5ea683bc45820bb3b7649cdaa2cfbdfc429d3781374144a2d3
- SHA512
  
  41333a52ed6565221ae8c10c1def3490c10f56b0e1e09f980cb43e0b3e1a0dbcefeed44bde107e7e7e751498b19e8bafec1baba1de4f4f36f97935a43251d3be
- SSDEEP
  
  6144:BcaJuc4qMyfnp7xPxcs2/5zxxYT52MZM1d:fLrMOnpNPNy5zIM
Score

1^/10
behavioral16
- Target
  
  [DemonArchives]2e23d0d084cd18f08897dfe509bdd4e5.exe
- Size
  
  405KB
- MD5
  
  2e23d0d084cd18f08897dfe509bdd4e5
- SHA1
  
  42d66c425b52b032341ab9674142b43f3cded2ce
- SHA256
  
  9ac3d17d3a16de7d5891380d0bbf8bec802a07bcba4d5cc4922ddcd76dd4d705
- SHA512
  
  4e15b32c8ee0a4aa0e07423ccc246b848fc7762ba1cb27d175a764a6b2c81660575bdd24ae6ecb6edb638ee0fa8bd20a58f26d23f3524bdb61e3490c1264c32d
- SSDEEP
  
  6144:mEPNrnound3J/oHeN+uqljd3rKzwN8Jlljd3njPX9ZAk3fig:mGrn/ZQ4+XjpKXjtjP9Ztx
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral17
- Target
  
  [DemonArchives]2edac22166e0d82bc1c652e331726c85.exe
- Size
  
  398KB
- MD5
  
  2edac22166e0d82bc1c652e331726c85
- SHA1
  
  eac2fcc7fe1516294d174c0e69ca4fb374eedfd8
- SHA256
  
  fe7136141c1a5cac32597cac8580756f43a121a7114382c77e96be3acc574d08
- SHA512
  
  06fb5014eeea70eba927e72bf5de2b64134a477a0963f351e72db7acca171ada5ab946cccfbcfe92f5492fa0a1cfc0764fd61800b33ebbef3c72ab40de777656
- SSDEEP
  
  12288:HEBGdH6t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:h6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral18
- Target
  
  [DemonArchives]31c25cdf7b77267744cdc37912e48d6b.exe
- Size
  
  397KB
- MD5
  
  31c25cdf7b77267744cdc37912e48d6b
- SHA1
  
  def43e68f721917ff16efcc4b24cf49762a8a5c2
- SHA256
  
  7d0361afdbc94a5949ad691e84ecc6e21ff0cde3c0b46583a24d08b2df3907a4
- SHA512
  
  9f5ff1c7de947d5646bf810ae6fe35b25dda4d9d51c31b857829e3cad00c59c5b7699d4e406f31e5abb2e49487bd2e61b36549c6f281486b889ed653994a4212
- SSDEEP
  
  6144:+yKbeGItFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:+yJGYFB24lwR45FB24lzx1skz15L
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral19
- Target
  
  [DemonArchives]3265873dd9d9c29a8b14f69efb8df4d0.exe
- Size
  
  398KB
- MD5
  
  3265873dd9d9c29a8b14f69efb8df4d0
- SHA1
  
  2c27d280d1b104deaf861a2801477719faa5dc82
- SHA256
  
  14d9335a629e2e50d998c7f4c5862f7dec22ac63ec183f190d243b4b20bf4838
- SHA512
  
  83502b9f428402c89ffc759aa7337a0779da48c4c72f1271d510cd22657e89ff5aab55b24cb226dba99cc6f7fa7b6b6ad7babbe1c7dd98072be616eaba17142d
- SSDEEP
  
  6144:5sLqdufVUNDanfz/LLvmpjE3EaICePt2lcx0vCuV61lhJrNGx39PIW:2FUNDabPupjbaNcx0vCSaZJsd
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral20
- Target
  
  [DemonArchives]34172ec379dab98d177ab7e31d517b1e.exe
- Size
  
  397KB
- MD5
  
  34172ec379dab98d177ab7e31d517b1e
- SHA1
  
  2c40d53f85657f7c156aaf571d89e7955dff5b6a
- SHA256
  
  51975163f93595f49c8e3860d5dc1aadd0c2a1e343670caf06414f2c0fb8a15a
- SHA512
  
  e88ee582e0f8e53566ac1bc5158c13862f0f89a092e8af00db6a93213fb5bf30c56a3d10a37b51e5b0d1419bfecb0b043c7aeed2a64a6a84d366cbfd8534a414
- SSDEEP
  
  6144:mtzlkGFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:URHFB24lwR45FB24lzx1skz15L
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral21
- Target
  
  [DemonArchives]4cf4cbd1bc2ef0ddfe3530541ffdd925.exe
- Size
  
  400KB
- MD5
  
  4cf4cbd1bc2ef0ddfe3530541ffdd925
- SHA1
  
  9f59a2b9e007cd1dca5d802409f69f7bc51ba5b0
- SHA256
  
  33af4f8085d1bc3f6a8e96ac99e78d44fb84bb24ba578f7baf61619873ca4f4c
- SHA512
  
  d4ee5a896770370ec519c0da12cbdf2fe15aa7995cf324bdc196444bf3caa017c20e6f0a518b458b8ce5fb41823558ef9bab85c526de81d71f213884919d3f90
- SSDEEP
  
  3072:EVMfMIbIyw3J9U58ZhwwlW+BC3K5eqU+BC3K5eqYroGQd:hfMmc88ZhIK70K7P
Score

1^/10
behavioral22
- Target
  
  [DemonArchives]54b9e4e56454226484e80fd01ca03131.exe
- Size
  
  398KB
- MD5
  
  54b9e4e56454226484e80fd01ca03131
- SHA1
  
  4fe51686f1184796896952a837006d6a71973c59
- SHA256
  
  2f04032d41572a957bab7fcb8f2162af3497e6433d1f3ee196aee53e5ef1b85f
- SHA512
  
  4b401335e5e3e6ee409e44b6cef18023a2c70459fdab52f877e4b60793f9fc2a47551fa9ffc93f754fd4d0a1642fb8cfcc60ef8e79a7a71c0fc29b2c21324c66
- SSDEEP
  
  6144:AonzSJT/4DO/B52pRr3zmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jJ:XnOJj4DO/B52nZP5
Score

9^/10

ransomware
- Renames multiple (3435) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral23
- Target
  
  [DemonArchives]9a4605cedcda1924728fbe58d429915f.exe
- Size
  
  400KB
- MD5
  
  9a4605cedcda1924728fbe58d429915f
- SHA1
  
  eac143f67589a900234876fb0e5c2df34e76412e
- SHA256
  
  09f8125958d3ce3b61ee0dea070ddb56c68c0fe00aa390f978aa9eab17c79e68
- SHA512
  
  af85eb441e8cc8adcd641cb974320b870ce5ac9e2ed642dbbfba34de548548a32e4e02e30d8e0e62cb11d7b3d4bf04e17d1e5b4fa8162868498a508c4ede6784
- SSDEEP
  
  12288:2OjlYV9qtyWUedCv2EpV6yYPaNFZpV6yYPo:24l89fWUSAWQZWo
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral24
- Target
  
  [DemonArchives]a2113a088085d07d2d7688ab2b0914d3.exe
- Size
  
  399KB
- MD5
  
  a2113a088085d07d2d7688ab2b0914d3
- SHA1
  
  d782d1f3fac232b34cdde024b8bbfe2284f7ffe6
- SHA256
  
  a55fe6993340d8be732d319c53e0605173924f3496b139d17804802e4b2c8bbb
- SHA512
  
  8e5620596d0a998ecefd01a7ac37925590f5c327952d8da209a3a6d27f602cd673777740cc39a83ddab522752e346aeb59d0845319d47ed848ce9c773ee97cd5
- SSDEEP
  
  6144:pBQmrW2tgBdgzDEXE6NJsjwszqjwszeXwNJsjwszIjwszeXtjwszeXm:pBdc8sajMjejCjaj
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral25
- Target
  
  [DemonArchives]aa18a0770ed7d03bddfb00e126fbbba5.exe
- Size
  
  400KB
- MD5
  
  aa18a0770ed7d03bddfb00e126fbbba5
- SHA1
  
  937eaa6a706491848d08e8dd5754819a21643719
- SHA256
  
  f22e843420fcffffc6b326d0118c0c909546e851a60e85b67e54dfdbac74dedd
- SHA512
  
  5b4b7560937a33aa7f1c31fee21db306ff14bd33cddf833ce354dcae8d5cba753feb8ad82bccae5ffdd80df214f344efd8704aae69e76fb248a176462a029de8
- SSDEEP
  
  6144:V9OfIvx7qP+o9vPHOVd2/UZdLAY/Xr4Br3CbArLAZ26RQ8sY6CbArLAY/9bPk6Cj:VAU7cHXSRrgryg426RQagrkj
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral26
- Target
  
  [DemonArchives]ac7cf64a560bda15c281c43780b8d5bb.exe
- Size
  
  397KB
- MD5
  
  ac7cf64a560bda15c281c43780b8d5bb
- SHA1
  
  ad0ef6ef2bc2566014dcb3f4e003afb13ea000fd
- SHA256
  
  7b8c5eb7df9f7235af19cbcf5d00d5945eea155032200ba421095dfda77b4a57
- SHA512
  
  a0b92facc10e0f20bab202393339e088160694449be8ad840784be7c0eb6b81ed5527885512ebdc2903f096bb3c84e1b4396fad3b5c6d14bd6ed58272cfe7649
- SSDEEP
  
  6144:nZENBxOFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:3FB24lwR45FB24lzx1skz15L
Score

3^/10
behavioral27
- Target
  
  [DemonArchives]af6fb7fbf240ae2f6490766919b26325.exe
- Size
  
  391KB
- MD5
  
  af6fb7fbf240ae2f6490766919b26325
- SHA1
  
  7db749d16a09da11159a977a3984362a8e7ec5a6
- SHA256
  
  862eb8913c23ba5677c8263f1d4196a98668990eb4a9549a211a56e39df0f29c
- SHA512
  
  510bee24e2ea35bc7380cb17f39717666b4ded4b905a2619b3612897e3a09fbd478be3d61fca5bd423797051280d43d9d5c5854c3b5c508066ded4e3a7349154
- SSDEEP
  
  12288:kQoKT9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:kQr9XvEhdfJkKSkU3kHyuaRB5t6k0IJm
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral28
- Target
  
  [DemonArchives]b09a0cd1c32edf39308043eed7889449.exe
- Size
  
  397KB
- MD5
  
  b09a0cd1c32edf39308043eed7889449
- SHA1
  
  f7d71b9e34e82a4514574952b118581e9c27da6a
- SHA256
  
  749cbb97fc4049f021acb18c42e0845361a2a7d7fae50f3c9fe9aba87bbf492f
- SHA512
  
  d1d1f7178a7961711d0c9145ff498ca5f77b6f751705c7681b88ad308279dd455e167975abf52bbda398f5d500689281b72df034b3f8820fad5976068135fcdb
- SSDEEP
  
  6144:kz2Y30jAWRD2jvosK6mUzW96mFBuRFzWlH:YCLx67u6quRFzWlH
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral29
- Target
  
  [DemonArchives]b1d6b726bf6ac63749e5eba6b5c7694c.exe
- Size
  
  394KB
- MD5
  
  b1d6b726bf6ac63749e5eba6b5c7694c
- SHA1
  
  277f12fb1583b2996f67dd8276df3f5db79cd1a6
- SHA256
  
  8ffef1554685604bf346da838d7d7477f9a9eecec52ce86a29e5db6c5cf6cc75
- SHA512
  
  62d271e31c9bd3fcc1708202d636ae3635afc1b922d048cdfe41c0f2fe509d2ba8c7f3586c1738a6ee7bfd8dce0910496104177b4239218d9c9960386e64d362
- SSDEEP
  
  6144:pzwArTEDSCs5wL0DKlpn/URBudL7qRBpkvfsModogZ/SvnDTH9QRO:pMmQDSCs5wo0e8L7qRbQUugennHGO
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral30
- Target
  
  [DemonArchives]b3c170550a1efdf268632916e95ad1ec.exe
- Size
  
  398KB
- MD5
  
  b3c170550a1efdf268632916e95ad1ec
- SHA1
  
  22fbb9a132f0535d7ec18981f2bc573802fb714f
- SHA256
  
  f0add0560585cc43f7f5b6d538cd293a06e6e7cc2367b79ad9bffa39a3c20637
- SHA512
  
  be4af3dfeae639d1bf746825a5a66e34606d141964983c857e78ca54223e3b5fb1233b1a4da2dd64dbfce1e74c52ba86e6cf4b57e1a764160ca0b0439f2567f6
- SSDEEP
  
  12288:reK06t3XGCByvNv54B9f01ZmHByvNv5imipWf0Aq:rg6t3XGpvr4B9f01ZmQvrimipWf0Aq
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral31
- Target
  
  [DemonArchives]b83b3408e6ade0a5c61c5870208000ae.exe
- Size
  
  391KB
- MD5
  
  b83b3408e6ade0a5c61c5870208000ae
- SHA1
  
  7115cde4432a9c08c8258e628dbfb58c7ebe30d3
- SHA256
  
  13e98d38990b7a1891123acc6b118f3ad99ae2ef56951708efbf28f631b74b46
- SHA512
  
  3bdd7624b24ebbae887d1a095c48f3646277210b0cfaea6b6f1b592b574fd5fe4a6919b120681f37f256185dddbe8f809cec9e6ed98cdcde6a77daca6fc97994
- SSDEEP
  
  12288:V4xGIbcT9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:VxyU9XvEhdfJkKSkU3kHyuaRB5t6k0Io
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Adds autorun key to be loaded by Explorer.exe on startup

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

Modifies visiblity of hidden/system files in Explorer

Executes dropped EXE

Loads dropped DLL