urelas | 000aad8a385414faa642dd6b58984a6a_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

000aad8a385414faa642dd6b58984a6a_JC.exe
Size

321KB
MD5

000aad8a385414faa642dd6b58984a6a
SHA1

1391628915a550f4a264803a8b36bde58580b5bf
SHA256

892b4df9443b098e8224c335ffdd603b86606f93bb22544f975abf98da6b5623
SHA512

a89cd15c12b464bba537cee8e71368f59019ba75cdde91edd522dacfee7d14cf6d85844b50ae2f2989b305beb51747443df142b67246393078442a6e68b21b77
SSDEEP

3072:rxaUGgaj2Vg3lgoShZ3hzm0cpTL2IwC7RPcAGPns1sTO1iTS:14lfovm0cpTLrpxcAGGsTXTS

Score

10^/10

urelas

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
000aad8a385414faa642dd6b58984a6a_JC.exe

Files

000aad8a385414faa642dd6b58984a6a_JC.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pb
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE