urelas | Backdoor[.]Win32[.]Plite[.]bhtr-97be51268b30970bff4854d1676c8e629fa30258ac3a95f644ea5fce10439e57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Backdoor.Win32.Plite.bhtr-97be51268b30970bff4854d1676c8e629fa30258ac3a95f644ea5fce10439e57
Size

174KB
MD5

ecc526f9279a2e4b8eb25ea54636d2a9
SHA1

3558d2e2e1e031ff583a686e980075aa6fa404a4
SHA256

97be51268b30970bff4854d1676c8e629fa30258ac3a95f644ea5fce10439e57
SHA512

ac35b5a336d52a218dd206e6861e29bf474bfc5001d47f4415bea2dd245ddeb2e5ebeb6e0528d376df4a3cbf24602450311eb04e7ce3f3419dbb8f4b0271e157
SSDEEP

1536:JADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpCfcyn37ypL:JADA0Wc7UJ6LZMaHLW65DE8pCEQrypL

Score

10^/10

urelas

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.Plite.bhtr-97be51268b30970bff4854d1676c8e629fa30258ac3a95f644ea5fce10439e57

Files

Backdoor.Win32.Plite.bhtr-97be51268b30970bff4854d1676c8e629fa30258ac3a95f644ea5fce10439e57
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cxbvjsnd
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ