General

  • Target

    e4147b5901fcbc63624d36700ca59330N.exe

  • Size

    343KB

  • Sample

    240804-g1sb4sybrj

  • MD5

    e4147b5901fcbc63624d36700ca59330

  • SHA1

    0f44954e12356f6ee18081265fe0bb9ccc6835de

  • SHA256

    ac06d639d30aec9bb6305373ffb6fa125a89d1db2d259b587489119676a434bc

  • SHA512

    2e0fee55d3464659347b1c93062c0154f8fcddbc71a1e176f5597522a0ae519516aacb83c8a3c2a9886a2c235f750d2bb509056d2b6bdef3c4b8d1a4faf5448a

  • SSDEEP

    6144:Nd7rpL43btmQ58Z27zw39gY2FeZhrL8AwE:X7dL4AZ0U9gY2FhAb

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Target

      e4147b5901fcbc63624d36700ca59330N.exe

    • Urelas

      Urelas is a trojan targeting card games.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
