General

  • Target

    723ef8a0372f679542e74db623846f7fd1671aa4a5f3dadcb9e3e93433f14f92

  • Size

    417KB

  • Sample

    240311-2r3rpsag56

  • MD5

    fcf16f27050eae442be46d7f0272c88d

  • SHA1

    1f38a36110c053c70573a8d7297aa4bacb71d23d

  • SHA256

    723ef8a0372f679542e74db623846f7fd1671aa4a5f3dadcb9e3e93433f14f92

  • SHA512

    560fc8ec67f805dbcbdc9d65ac9648deaf441b2408f3a12551c6b5144e14691baca78d954973efd1aaebdd2677f6d7296333fb00cf3a6d11d26da05b106d54de

  • SSDEEP

    6144:a8efQ6QPJGcLbjg00Hvy9KHAwYUieL1mqDb9cLzVvQMXqDLR4LCIpbH92d:z6QPJGcE0Svy9KhYUieL1zb9IXUaze

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Targets

    • Target

      723ef8a0372f679542e74db623846f7fd1671aa4a5f3dadcb9e3e93433f14f92

    • Size

      417KB

    • MD5

      fcf16f27050eae442be46d7f0272c88d

    • SHA1

      1f38a36110c053c70573a8d7297aa4bacb71d23d

    • SHA256

      723ef8a0372f679542e74db623846f7fd1671aa4a5f3dadcb9e3e93433f14f92

    • SHA512

      560fc8ec67f805dbcbdc9d65ac9648deaf441b2408f3a12551c6b5144e14691baca78d954973efd1aaebdd2677f6d7296333fb00cf3a6d11d26da05b106d54de

    • SSDEEP

      6144:a8efQ6QPJGcLbjg00Hvy9KHAwYUieL1mqDb9cLzVvQMXqDLR4LCIpbH92d:z6QPJGcE0Svy9KhYUieL1zb9IXUaze

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks