Extracted

• • Target

    dc35f69980630f102803b43f0387f9d4f3e0ad22aad91046e1ad30fbcf5808d1.exe

  • Size

    87KB

  • MD5

    0e2ef98225649ddb1f8b2f46d3d7be9c

  • SHA1

    977e54e4677fdfa0051893f8b9959fb922d5a9a1

  • SHA256

    dc35f69980630f102803b43f0387f9d4f3e0ad22aad91046e1ad30fbcf5808d1

  • SHA512

    e9603015d410e1d77354c1e8162ca2706546da5915e775bad6740b95e63638a5009e6c7119f19e62f23d937dd3099370763df67d8035c899eb805762e3010d81

  • SSDEEP

    1536:Jz+jIHNv+vsFbwW6dk0QeLb4NMHriBRxiDkURFH0tHEe:JznH976dUCnuniDd0REe

  Score

  10^/10

  urelasdiscoverytrojanupxadwarepersistenceprivilege_escalationstealer

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas

  • Urelas family

    urelas

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2