General

  • Target

    89a623e5344581295c1574713a4a7aabc7becbda4dfe8540a748754b7ac912a8

  • Size

    411KB

  • Sample

    240311-3sfh8sca38

  • MD5

    f726b3285fa852dc32f085f711e54b81

  • SHA1

    c425cab673597cb654b9da059778182447f470a3

  • SHA256

    89a623e5344581295c1574713a4a7aabc7becbda4dfe8540a748754b7ac912a8

  • SHA512

    81c30efec5740a94338a4d15bbaeec55b8d9f62f8720956116fae97bff6ffffb742718e7615a8ffa420075ce3abcf48d631eae4352802d1d605a28533ee7a027

  • SSDEEP

    6144:cEo/rmV71+I8ZD/h/vFfhxxQO4B4tqv+Hq/On1NHwBzQ4bed76a3FoSx0bYu:cEo/6YnZVB1rkAqcNAzQCed7J1oS4

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Target

      89a623e5344581295c1574713a4a7aabc7becbda4dfe8540a748754b7ac912a8

    • Size

      411KB

    • MD5

      f726b3285fa852dc32f085f711e54b81

    • SHA1

      c425cab673597cb654b9da059778182447f470a3

    • SHA256

      89a623e5344581295c1574713a4a7aabc7becbda4dfe8540a748754b7ac912a8

    • SHA512

      81c30efec5740a94338a4d15bbaeec55b8d9f62f8720956116fae97bff6ffffb742718e7615a8ffa420075ce3abcf48d631eae4352802d1d605a28533ee7a027

    • SSDEEP

      6144:cEo/rmV71+I8ZD/h/vFfhxxQO4B4tqv+Hq/On1NHwBzQ4bed76a3FoSx0bYu:cEo/6YnZVB1rkAqcNAzQCed7J1oS4

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks