General

  • Target

    04af9fdeb8b2ad90a158ad532f52e10b4eb9aa9b926a9f89ee575e067d8ec252

  • Size

    6.5MB

  • Sample

    240805-wxs7katgkp

  • MD5

    75ed6c272eea140c98a7443d01d1f7d9

  • SHA1

    081b6c14c7caa41368c97a56ba2843c201794a5d

  • SHA256

    04af9fdeb8b2ad90a158ad532f52e10b4eb9aa9b926a9f89ee575e067d8ec252

  • SHA512

    259424b0b44e80c4620f16e43fc8c371867324247d11f1e3850cb3bf66566a784a121cf83c3ed10694bbc2a47c419e916f498f82a0ca0b00d42ab6f78a908c67

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSy:i0LrA2kHKQHNk3og9unipQyOaOy

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks