urelas | ec7d6d3ac17ffbcff24403e02f18a154d1e6d3d9863e39cc64a44d84a57f547a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2f0b1fb4d2...18.exe

windows7-x64

2f0b1fb4d2...18.exe

windows10-2004-x64

Sharing

General

Target

2f0b1fb4d20ccd898c3de977f628ecd4_JaffaCakes118
Size

632KB
Sample

241009-lxh2gs1dma
MD5

2f0b1fb4d20ccd898c3de977f628ecd4
SHA1

863f84545c6f215e18387e0d08587ff89e8321c2
SHA256

ec7d6d3ac17ffbcff24403e02f18a154d1e6d3d9863e39cc64a44d84a57f547a
SHA512

e7abce7dc19971e861afde0ab4d0606ce65c3db096369a0ee11f9431eca3d058e122568f218f18c83b431d666bfbb350dcda0c186755b8e8279765244c3b7528
SSDEEP

12288:RU7M5ijWh0XOW4sEf9OTijWh0XOW4sEfst:RUowYcOW4a2YcOW4Q

Score

10^/10

urelas aspackv2 discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2f0b1fb4d20ccd898c3de977f628ecd4_JaffaCakes118.exe

Resource

win7-20240903-en

urelas aspackv2 discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2f0b1fb4d20ccd898c3de977f628ecd4_JaffaCakes118.exe

Resource

win10v2004-20241007-en

urelas aspackv2 discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  2f0b1fb4d20ccd898c3de977f628ecd4_JaffaCakes118
- Size
  
  632KB
- MD5
  
  2f0b1fb4d20ccd898c3de977f628ecd4
- SHA1
  
  863f84545c6f215e18387e0d08587ff89e8321c2
- SHA256
  
  ec7d6d3ac17ffbcff24403e02f18a154d1e6d3d9863e39cc64a44d84a57f547a
- SHA512
  
  e7abce7dc19971e861afde0ab4d0606ce65c3db096369a0ee11f9431eca3d058e122568f218f18c83b431d666bfbb350dcda0c186755b8e8279765244c3b7528
- SSDEEP
  
  12288:RU7M5ijWh0XOW4sEf9OTijWh0XOW4sEfst:RUowYcOW4a2YcOW4Q
Score

10^/10

urelas aspackv2 discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasaspackv2discoverytrojan

behavioral2

urelasaspackv2discoverytrojan

© 2018-2025

Terms | Privacy