General

  • Target

    de2368758da69e422fa38e9ef3c76770N.exe

  • Size

    82KB

  • Sample

    240804-ceg7ssxdmc

  • MD5

    de2368758da69e422fa38e9ef3c76770

  • SHA1

    df9be493c15cceb23ae5f1ee4f8927b350a86472

  • SHA256

    828a04a211899614965b995e7a077a6a382d5599bfd86993ffab5d75d0692a4a

  • SHA512

    eb81d6267521a32461b7876a3dc8db81379740b1f4eb00a0b5257cc2d1f4e75db3c01adf15880a3a1c09713c4e7f244867d72138fdea313ca4dee55378bc95ee

  • SSDEEP

    1536:JmBpNDAoG2kf4F+KfQwHq0NVFXqKseZ656KqBxhKYvonouy8GVUVhzpI:8hDAb2VHR5aKsDIbTomAoutGVUVxS

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

218.54.28.139

Targets

    • Target

      de2368758da69e422fa38e9ef3c76770N.exe

    • Size

      82KB

    • MD5

      de2368758da69e422fa38e9ef3c76770

    • SHA1

      df9be493c15cceb23ae5f1ee4f8927b350a86472

    • SHA256

      828a04a211899614965b995e7a077a6a382d5599bfd86993ffab5d75d0692a4a

    • SHA512

      eb81d6267521a32461b7876a3dc8db81379740b1f4eb00a0b5257cc2d1f4e75db3c01adf15880a3a1c09713c4e7f244867d72138fdea313ca4dee55378bc95ee

    • SSDEEP

      1536:JmBpNDAoG2kf4F+KfQwHq0NVFXqKseZ656KqBxhKYvonouy8GVUVhzpI:8hDAb2VHR5aKsDIbTomAoutGVUVxS

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks