Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
02-02-2025 07:26
General
-
Target
9e99c8754d40a65b0b5f6c0691209dc8eb10de70614ae6b043624eed52260199.exe
-
Size
78KB
-
MD5
e4ec962e39ab93eb8986a7052b6769ad
-
SHA1
1c9486fb619b56e64f9641ab41e4633851d6c398
-
SHA256
9e99c8754d40a65b0b5f6c0691209dc8eb10de70614ae6b043624eed52260199
-
SHA512
2570d1e3d577f5a7e0ae2552c65d1e731a462cb8ef99823758ef23ac9d859da2a493e0316d91aa563eaab8d7175dce21d849a6c8e28c5679c2b939050af8df41
-
SSDEEP
1536:Zfhb7GkpDbdVIoCyWW9T9oNpiS0o3SKZREpKn:PPNdbdOopN5YpiK7n
Malware Config
Extracted
urelas
218.54.28.139
121.88.5.183
Signatures
-
Urelas
Urelas is a trojan targeting card games.
-
Urelas family
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e99c8754d40a65b0b5f6c0691209dc8eb10de70614ae6b043624eed52260199.exe"C:\Users\Admin\AppData\Local\Temp\9e99c8754d40a65b0b5f6c0691209dc8eb10de70614ae6b043624eed52260199.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Aisder.exe"C:\Users\Admin\AppData\Local\Temp\Aisder.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
78KB
MD5f7c5a8a4657bb49f5c47644b1a3e9249
SHA17cc30ca1fcdc46fb41a4889e3743b12360d45876
SHA25626bdeeb76d4783477f5f00f41e0b3e9f48223aeec2a53bd844f1a09d2d03ef4b
SHA512b39bb472fd2f8c6b0c3bf2f176af13be7e8401af61dda3c1d9320e813380392df6bbe69166adc9d1e90333d6df7ffb0dcd2351e2797b9b4d414152e39ea0e3cb
-
Filesize
512B
MD58505d593f1deae83971df678092607b9
SHA1aa4b75b4893a8751a57055ec7523b173a63c4e94
SHA2568401a9f1b2d296088ae824e9b36ce828f3eaef53ee2e6d9e40319eec64f1ca99
SHA51201f6e17fc186d8245a931f2e3c40464a52717d625ab5dde34bca99ced0bdf9900fbffc3e78ff39da5ffd67b0b73c069a5c02ea1e6d72dc499b68e95f6fb40d77
-
Filesize
338B
MD564846677dc3bb595ca728ab2ebf170a0
SHA147a38887363508fe1b5b7094ff9e0c96faf81f99
SHA25667649a1f3aae13073ba195e1562226f3a99ab100673fd3e9924d1a4bdadd5a11
SHA512654a5c15ffde008a1f1da9ba1411d7b5cbc34acb9056b5800f3f268372b6af4b2ef2d71b70fb986adf5bb7cd87eb31bf2f2e24ea7ae70f6f63424ee83d8e93d9
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB