General

  • Target

    55e1755918b13926b86e119a2458060f3274e55a546ad9f4de0e6a51d4ce269bN

  • Size

    80KB

  • Sample

    241020-3kgfkawhpe

  • MD5

    676ab0111fac160545f4a721c50cda50

  • SHA1

    8e8550c8fd776e49c668011275fe553324d66633

  • SHA256

    55e1755918b13926b86e119a2458060f3274e55a546ad9f4de0e6a51d4ce269b

  • SHA512

    d2103e405811321d638e24cfc4c054cd4543538041d282f3a2157635b369845f8f43e2485c940303f78307a10ef05eaaac8768b62ac35edf8dae478359897641

  • SSDEEP

    1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEC:9RkjWjK9ABpGzlaRQLL

Malware Config

Extracted

  • Family

    urelas

  • C2

    218.54.47.77

    218.54.47.74

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
