General

  • Target

    f43e0f2ca51002a44daef5415cec2d20N.exe

  • Size

    400KB

  • Sample

    240804-t8jfdszdkr

  • MD5

    f43e0f2ca51002a44daef5415cec2d20

  • SHA1

    edd11c71c0b8905912545ccbc96f585b521ab7c0

  • SHA256

    0f86ec37ce793d7040d48bafc0ae705dbe3c6b2647f3a7cc4755b24356433e71

  • SHA512

    f590f5a657eac124bbb65d84d5e7cc050cbda713f088043a21f18c6396cb800585a96b96248671bf2d83d85b04404c6441ffeb1fdaf3f2f29a35a7c3e39f324a

  • SSDEEP

    6144:tzU7blKaP2iCWhWapKRaRXOkN4Swel6f3IsInOy:hU7M5ijWh0XOW4sEfeOy

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
