General

  • Target

    1e747d4f439659ade5ce74171024f4764e58c4ca9ab9b69c375056d9696e1f30N.exe

  • Size

    329KB

  • Sample

    241205-xlxw2stlgp

  • MD5

    d62edbb903c07c03db6f4f4e223100e0

  • SHA1

    0b8d2a884b1be06bac1f0acba5ba440b5170fbe9

  • SHA256

    1e747d4f439659ade5ce74171024f4764e58c4ca9ab9b69c375056d9696e1f30

  • SHA512

    54548e2632999b9fcefaa9468f28b02def72f1cd772308444abe31287d8ea935e1776f58f137dca730523cab3c929633038cec2854ce5ab77ae1ebcb2c26773e

  • SSDEEP

    6144:zPVgqTQ9zAjPGhwLycSURGPp0RCeiYwpPaXRaBAz7jNsNRpxo3UBQE743vopFR:zPhTIzAjPHkUkPLeSPaXRL7xsNRXEFEv

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
