General

  • Target

    33b737169f3f9418f69db6837bb57bad279eabfd325d53e679bc7a51e3fa413d

  • Size

    6.4MB

  • Sample

    240316-xte17sbf58

  • MD5

    95bedfbc07630636f03d4420c7d7b15d

  • SHA1

    47e2282eb2fa582574a50cbe600d40654b3d11db

  • SHA256

    33b737169f3f9418f69db6837bb57bad279eabfd325d53e679bc7a51e3fa413d

  • SHA512

    913e5faf29bc399aba4109323873e166c7e6559035b02971c151b0f10e37c0c7ce37c92c6b9bb31ea71b50345e3a9a6d4f6d0a26800b07ce0c9c3001164c679f

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSZ:i0LrA2kHKQHNk3og9unipQyOaOZ

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
