General

  • Target

    408d2be1a9401974acfb4503ba6b09cad8acef5f3156f172df2431f487906068

  • Size

    339KB

  • Sample

    240311-zqp34sgb57

  • MD5

    570175020c35122561cc0bb02a630761

  • SHA1

    f680ff51cc89c8b584f985dfb112812fa5139527

  • SHA256

    408d2be1a9401974acfb4503ba6b09cad8acef5f3156f172df2431f487906068

  • SHA512

    cb2cfcd65f8a49f3c5d675b25b63323a31fb305ff7d817c922999168e03719e82bd4f533edfd7a330b2b3a3464a4a6b8c969245c21972ae2c1c010cb2d139eed

  • SSDEEP

    6144:b/qE9d70WIH9wFHf+MQYVA5TDT44zuQOIFlUMazNWHT7++:uGIWiiHWnesT/483OciyZ

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
