General

  • Target

    e106e4e096b7cfacc9ae9f2153a12d944db57f359c0df87962586d83573cb1e5

  • Size

    400KB

  • Sample

    240318-aytzlacf6x

  • MD5

    32021e338fd32df240a0c8c2ae0d78a2

  • SHA1

    aa2590911096eef141dc7a388105795a314703a2

  • SHA256

    e106e4e096b7cfacc9ae9f2153a12d944db57f359c0df87962586d83573cb1e5

  • SHA512

    5ddb5672b77e7053f0ba4b0df22891539db58b750ccd03da14846b3bd20be69fb96c2420304e29723b37f819941bee3b46075daf3441fdde86403881ed38280a

  • SSDEEP

    6144:WmQK4uSrzMUCL11g7A9lQQQlVy4J6nRe4Lfg/D2Hfd00F3bMTWwpcVpq8p:WYdSrzMZbyplVbwRe+W2HPwWwpc/

Score
10/10

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
