General

  • Target

    00647c3b9107c89d403ae658fc036e7bd25f11d54c171b6a0c3cfec9ec688f68

  • Size

    162KB

  • Sample

    240316-vm34cahb36

  • MD5

    3019d4d3a299f6742c7f1f8061578b0f

  • SHA1

    251213e71586f5bd7899f8768906683f642dfadd

  • SHA256

    00647c3b9107c89d403ae658fc036e7bd25f11d54c171b6a0c3cfec9ec688f68

  • SHA512

    035a087cd6329cd5d21b2f65d7a47bdd996a14be55e763e6da2cd5544f221c0dc1f8267afc21330639fa0d29fc3a68b53fb99c29a126bbe642fe8c48877d69e6

  • SSDEEP

    1536:f79TuVtAd6xd6vEi0uxJ7WmjcbLCU+ZcKRtdBIw0vUQwYtMAo0gpy1m3V+oY0:fduV2vj+LocKle1Ft9o0gpem3hJ

Score
10/10

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
