General

  • Target

    292999eb56a511dabf5d9ca489c77ea88aad41274d6576d868090be226948f9e

  • Size

    467KB

  • Sample

    240316-xfhj6sbb79

  • MD5

    41660c562239e85d8d35c7db3d5d65c1

  • SHA1

    cbe6766ea9521de773494ab199da7d452b8e6473

  • SHA256

    292999eb56a511dabf5d9ca489c77ea88aad41274d6576d868090be226948f9e

  • SHA512

    9a0f46452304f3df5fff351fb444666989295aeec275ef20cd8285ec61b6cbbad4957072e5b717318bd7887dcffa0af559185ad202d6886b77ab8939efab5a0b

  • SSDEEP

    12288:Y6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1U6:Y6tQCG0UUPzEkTn4AC1+t

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235
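The indicators above (the four file digests and the four urelas C2 addresses) become useful when they are turned into something that can be run against a file on disk and against connection logs. The block below is an added example and is not part of the sandbox report; the log lines in it are constructed for illustration, and the "timestamp src -> dst:port action" format is an assumption, not the output of any particular product. Matching is done on parsed addresses rather than substrings so that a neighbouring IP such as 1.234.83.14 does not produce a false hit on 1.234.83.146.

```python
"""Added example (not part of the sandbox report): an offline checker for the
file hashes and urelas C2 addresses listed above."""
import hashlib
import ipaddress
import re
import sys

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "41660c562239e85d8d35c7db3d5d65c1",
    "sha1": "cbe6766ea9521de773494ab199da7d452b8e6473",
    "sha256": "292999eb56a511dabf5d9ca489c77ea88aad41274d6576d868090be226948f9e",
    "sha512": "9a0f46452304f3df5fff351fb444666989295aeec275ef20cd8285ec61b6cbbad4957072e5b717318bd7887dcffa0af559185ad202d6886b77ab8939efab5a0b",
}
IOC_C2 = {
    ipaddress.ip_address(a)
    for a in ("1.234.83.146", "133.242.129.155", "218.54.31.226", "218.54.30.235")
}


def hashes_of(data: bytes) -> dict:
    """Compute the four digests the report lists in one pass over the data."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    for h in digests.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in digests.items()}


def matching_hashes(data: bytes) -> set:
    """Return the digest names under which `data` matches the sample.
    A full match is a hit; a partial match (say, MD5 only) means either a
    collision or a transcription error in the indicator list and is worth
    flagging rather than silently treating as a match."""
    computed = hashes_of(data)
    return {n for n, v in computed.items() if v == IOC_HASHES[n]}


IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def c2_hits(lines) -> list:
    """Scan text log lines for any of the listed C2 addresses.
    Returns (line number, matched IP) pairs. Tokens are parsed as addresses
    so that a substring such as 1.234.83.14 does not match 1.234.83.146."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for token in IP_RE.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue
            if ip in IOC_C2:
                hits.append((n, str(ip)))
    return hits


# Constructed sample log lines (not real traffic from the analysis run).
SAMPLE_LOG = [
    "2024-03-16T10:01:02Z 10.0.0.5 -> 93.184.216.34:443 allow",
    "2024-03-16T10:01:09Z 10.0.0.5 -> 218.54.31.226:80 allow",
    "2024-03-16T10:01:10Z 10.0.0.5 -> 1.234.83.14:80 allow",
    "2024-03-16T10:02:31Z 10.0.0.7 -> 133.242.129.155:80 deny",
]

if __name__ == "__main__":
    for n, ip in c2_hits(SAMPLE_LOG):
        print(f"line {n}: contact with urelas C2 {ip}")
    if len(sys.argv) > 1:  # optional path to a file to hash-check (assumption)
        with open(sys.argv[1], "rb") as f:
            print("hash match:", matching_hashes(f.read()) or "none")
```

Run it with no arguments to see the two C2 hits from the constructed log, or pass a file path to compare its digests against the listed sample hashes.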

Targets

    • Target

      292999eb56a511dabf5d9ca489c77ea88aad41274d6576d868090be226948f9e

    • Size

      467KB

    • MD5

      41660c562239e85d8d35c7db3d5d65c1

    • SHA1

      cbe6766ea9521de773494ab199da7d452b8e6473

    • SHA256

      292999eb56a511dabf5d9ca489c77ea88aad41274d6576d868090be226948f9e

    • SHA512

      9a0f46452304f3df5fff351fb444666989295aeec275ef20cd8285ec61b6cbbad4957072e5b717318bd7887dcffa0af559185ad202d6886b77ab8939efab5a0b

    • SSDEEP

      12288:Y6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1U6:Y6tQCG0UUPzEkTn4AC1+t

    Score
    10/10
    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
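The cheapest form of the "UPX packed file" check is to read the PE section table and look for the UPX0/UPX1/UPX2 section names the stock packer writes. The block below is an added example, not the sandbox's own signature logic: it parses only the headers needed to reach the section table and never maps or runs anything. The `build_fake_pe` helper constructs a header-only PE for testing and is not a valid executable. A modified UPX build that renames its sections defeats this check, which is why a miss here should be read as inconclusive rather than clean; the "UPX dump on OEP" behaviour above is the stronger signal because it is taken from the unpacking itself.

```python
"""Added example (not part of the sandbox report): minimal PE section-table
parser implementing a section-name check for stock UPX packing."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or raise ValueError if the
    headers are not a parseable PE. Only the DOS header, PE signature and
    IMAGE_FILE_HEADER are read to locate the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    if coff + 20 > len(data):
        raise ValueError("file header truncated")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect = coff + 20 + opt_size
    names = []
    for i in range(nsec):
        off = sect + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a stock UPX name. False also covers
    non-PE input and renamed-section UPX builds, so False is not "clean"."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return any(n in UPX_SECTION_NAMES for n in names)


def build_fake_pe(section_names) -> bytes:
    """Construct a header-only PE with the given section names, for testing.
    It has no optional header and no section data and will not execute."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_fake_pe([b".text", b".data", b".rsrc"])
    print("constructed UPX layout:", looks_upx_packed(packed))
    print("constructed plain layout:", looks_upx_packed(plain))
```

On a real sample, feed the file bytes to `looks_upx_packed`; pair it with an entropy check or the sandbox's OEP dump before concluding anything from a negative result.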

MITRE ATT&CK Enterprise v15

Tasks