General

  • Target

    35f188cc6093f6cef6cb12884144251231d0fea53f2a1b02800e8be0db59e2bb

  • Size

    201KB

  • Sample

    240316-xxtnrsbg67

  • MD5

    a14c78ca6af8bbda8599a20bbda60cb0

  • SHA1

    9c6aefdac7bd67d207c97b0bcc8c4f54355e1769

  • SHA256

    35f188cc6093f6cef6cb12884144251231d0fea53f2a1b02800e8be0db59e2bb

  • SHA512

    490b2529544be15e313b7b3043bc1d0071fb394a23e2f15916b04f828665750ca6b1c4384aec0f804edd864f0f4f71671831317307593f6acee817b04302cc29

  • SSDEEP

    3072:llfTVlvfdEDRmyc+XA60Kj4omjuVZ6rNp0Vq:lpTV9rZllomjuCNp0s

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
