General

  • Target

    2594c1fea029f4ddfeabdf06b38dd7f847911da87f925e33e31065a62a9a65f9

  • Size

    78KB

  • Sample

    240724-yfq2zsteln

  • MD5

    9df0979c407ec10e834aaee873b6d51f

  • SHA1

    6907f09adcbbb34c115a10d0fddb07f02fd744c4

  • SHA256

    2594c1fea029f4ddfeabdf06b38dd7f847911da87f925e33e31065a62a9a65f9

  • SHA512

    35526043f64852c321dcf98285ca32f339cb9d6ed285fbf48e0a26ffc238f1b39791fa8a6f779cd3f420d0c450c3face10d0f28c8ccb685ba852f99a74bddc9b

  • SSDEEP

    1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEQ:9RkjWjK9ABpGzlaRQLv

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
