General

  • Target

    2c74d9e5e526b6327b212b0704fcba394bd100d7a35dc315f723d42eb849a3d7

  • Size

    478KB

  • Sample

    240317-xd1mzach45

  • MD5

    c464dc303427385077e0754be57e1d11

  • SHA1

    c6d2c2b6f404f68aa4d43ea0a94aac49608fb41f

  • SHA256

    2c74d9e5e526b6327b212b0704fcba394bd100d7a35dc315f723d42eb849a3d7

  • SHA512

    6007cd2a27d324cf4955882bed9a18f10ead96f26f140696da92b9ff9f69caa12a104ee00a105b434dd9a341b53ddc571138a63a5a3986b9260e014a28690318

  • SSDEEP

    6144:wqXAoQT5Tr9R0HN/3w36EnCYLTcz6MY5NYnE/QhyjxJBErrZAWkPW5oeNtLjpVO1:TQRI/3w36EnCYcFE/iydJai/WZty

Score
10/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Targets

    • Target

      2c74d9e5e526b6327b212b0704fcba394bd100d7a35dc315f723d42eb849a3d7

    • Size

      478KB

    • MD5

      c464dc303427385077e0754be57e1d11

    • SHA1

      c6d2c2b6f404f68aa4d43ea0a94aac49608fb41f

    • SHA256

      2c74d9e5e526b6327b212b0704fcba394bd100d7a35dc315f723d42eb849a3d7

    • SHA512

      6007cd2a27d324cf4955882bed9a18f10ead96f26f140696da92b9ff9f69caa12a104ee00a105b434dd9a341b53ddc571138a63a5a3986b9260e014a28690318

    • SSDEEP

      6144:wqXAoQT5Tr9R0HN/3w36EnCYLTcz6MY5NYnE/QhyjxJBErrZAWkPW5oeNtLjpVO1:TQRI/3w36EnCYcFE/iydJai/WZty

    • Score

      10/10

    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
