General

  • Target

    04c0b75b38301f77531bf8bb88a6eaa37fd0cfdd7c4b6edd6f8cb08e6bac8856

  • Size

    6.5MB

  • Sample

    240724-wv54catajb

  • MD5

    78275193c14fc6773f26a659bf4fe4fc

  • SHA1

    234998f2808f949e526f99e779ffc10576296ccc

  • SHA256

    04c0b75b38301f77531bf8bb88a6eaa37fd0cfdd7c4b6edd6f8cb08e6bac8856

  • SHA512

    12d566fabcf65907f2ae618d41fa0ec79b2ff3630e2cfb6f3b026573f8604b85e365790fa07335e8d8b23440994b6ee61c1dd678bfffb348d930822591675b0f

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSu:i0LrA2kHKQHNk3og9unipQyOaOu

Malware Config

Extracted

  • Family

    urelas

  • C2

    218.54.31.165

    218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15