
General

  • Target: 6802f9f362859b8a09160f8f3e6b5ba2f51784cc6e401988a97b1c479d1e20afN
  • Size: 331KB
  • Sample: 241019-teaw6athmd
  • MD5: 9fd6537818e61391607138374af578f0
  • SHA1: 0d1cbc6e7e8adc370f2d39905eba9a6dd5b70fbd
  • SHA256: 6802f9f362859b8a09160f8f3e6b5ba2f51784cc6e401988a97b1c479d1e20af
  • SHA512: 986c0471660ed5be9512cc7a87f726f70354fde4268fc41f4fcc1edba74c1a80d1a257a0741cef96e248e8db1c8999e3cb6d034af74ea1b53b8dcafbba9ca1be
  • SSDEEP: 3072:NdXi+V5Kgxpdxj8gbib20xTyst542t8ZHWBow8+zoB91wDQgJl0x2AEMenKbZisG:Nd7rpL43btmQ58Z27zw39gY2FeZhmzr

Malware Config

Extracted

Family: urelas

C2: 218.54.31.165, 218.54.31.226

Targets

    • Target: 6802f9f362859b8a09160f8f3e6b5ba2f51784cc6e401988a97b1c479d1e20afN (331KB; hashes as listed under General)

    • Urelas

      Urelas is a trojan targeting card games.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks