Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
16-11-2024 01:39
General
-
Target
b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e.exe
-
Size
67KB
-
MD5
50c120558fb0abc6c421072bdd0f0032
-
SHA1
8ff8418beb040c5c9f66202abea3b7a339ae4f7a
-
SHA256
b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e
-
SHA512
6f03f6c3dba2c4c6e23e97dd345d0b764cd31b41eb34e35db786718a233528b5903b3e817641de80dc9b5c61fac454d8a525904ce95da5499e68c6d3750c1809
-
SSDEEP
1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarU:yLAYUzmdD0sMQl7d7IuhCag
Malware Config
Extracted
urelas
218.54.47.76
218.54.47.77
218.54.47.74
Signatures
-
Urelas
Urelas is a trojan targeting card games.
-
Urelas family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e.exe"C:\Users\Admin\AppData\Local\Temp\b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\biudfw.exe"C:\Users\Admin\AppData\Local\Temp\biudfw.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
512B
MD51c9b2720af0ca9528b47898d9c7f4799
SHA180495f16e333f54ecc700252323c2a7cb7d751e1
SHA256d1ea9a17b5a635a121e82e7963d3b134f74050da9debcd40c9622f50c5d38fe5
SHA5125afe876f2cd887458656b1747bce08d03f26ef286bcc83efa93e0111be856d0564bee4d6ef5637c167626bac121f7371b69c7952502d47784ac9ad568bf53eac
-
Filesize
338B
MD59ad71aedcbac6e3589e904b7845ba34d
SHA1cd56885a4679e6eef2f5a78dfe9b9ed39f5dd625
SHA2566cdf3504e1cdadee4813c85ec1a09785e5f0f97de0f61f3a2f6ea2aafca38674
SHA512b7e7ca586af49d814e196683e917478cb03ba2b1a86f90f9ca641cf42e1996914242fff07ac15cffdb13842e482b5c9111f0780aa91b74d8b232e134ae8fa7ab
-
Filesize
67KB
MD5ae11f1d83f5c00001e26f448bc50d0cc
SHA1a9b29e7bcac062557654853568496b0a9dae9a08
SHA256ad3f250544e04d0a822bfd3e8a201ae0978199c69ced21c34474ac40b6a0ba63
SHA5123cbc629e34c070277f1a60b11b6bb2e4b20eefba827f942163fee8fbf5042f656a2a1727c06cf97da838e42b99b51b4f6b89a6835a39396cd66a0163d8a396f5
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB