General

  • Target

    2e7839f38e45fa0039c5815659904f2269b325c99c816c0ec0aeca0b8759a650

  • Size

    173KB

  • Sample

    240311-yzpm9sfb74

  • MD5

    ec726110329ba1718927e01c2ba7ee40

  • SHA1

    cf825d7d9d67b6205ce684621f21f2de6fe42e86

  • SHA256

    2e7839f38e45fa0039c5815659904f2269b325c99c816c0ec0aeca0b8759a650

  • SHA512

    ebe5fde94037d71198a409c4804115f36dd10ea3a6594cb0af1d2e33f7fcfc8c9fe7b7bae3f55d4230a4437acbdbffc6acda7e65a5d082342894220c65ddda53

  • SSDEEP

    3072:BHuEwR712EBM6Fz/SYTWj5Yw7j68tefPCWuLNfO:BHuXRZdBMTYTOYc68+34FO

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks