General

  • Target

    d896db759d42faa76b50b3cfe0ddda60N.exe

  • Size

    6.4MB

  • Sample

    240803-19c4bsxcrm

  • MD5

    d896db759d42faa76b50b3cfe0ddda60

  • SHA1

    f7feb5875c086696e7d6918135bda7d6fb3fe5a9

  • SHA256

    06c1a6fb3c7d6a93ed81bf46768e1184aed2b859a75e0a13f9cd67d5e48324bb

  • SHA512

    66e32d1f2150c71f682a5e51f2995a374f75897d2aa387d400603190d58aa27349391d2db27e82bb7249fea54977094344277f8cb8440ab63c5f156a899b9d20

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSH:i0LrA2kHKQHNk3og9unipQyOaOH

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
