General

  • Target

    05e11cd58c166e62e0265acc90e832b7c2e4a92ae8f8a88eb6598ed496167828

  • Size

    84KB

  • Sample

    240805-wzvs6stgqm

  • MD5

    53cfa7a6885136092e093efe2af882c2

  • SHA1

    f8b9944e1d694469a0a692bdd49b3324a44b37b7

  • SHA256

    05e11cd58c166e62e0265acc90e832b7c2e4a92ae8f8a88eb6598ed496167828

  • SHA512

    9dc3110fe07a87fd24ee4657862c35eddb70adee7f7107bae9b7c71d6fd16bf7fab54fa45c5b09f21f2829b374556621c7ebf01326ef6d364360aaeb88917e8f

  • SSDEEP

    1536:Jz+jIHNv+vsFbwW6dk0QeLb4NMHriBRxiDkURq:JznH976dUCnuniD2

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

    • Target

      05e11cd58c166e62e0265acc90e832b7c2e4a92ae8f8a88eb6598ed496167828

    • Size

      84KB

    • MD5

      53cfa7a6885136092e093efe2af882c2

    • SHA1

      f8b9944e1d694469a0a692bdd49b3324a44b37b7

    • SHA256

      05e11cd58c166e62e0265acc90e832b7c2e4a92ae8f8a88eb6598ed496167828

    • SHA512

      9dc3110fe07a87fd24ee4657862c35eddb70adee7f7107bae9b7c71d6fd16bf7fab54fa45c5b09f21f2829b374556621c7ebf01326ef6d364360aaeb88917e8f

    • SSDEEP

      1536:Jz+jIHNv+vsFbwW6dk0QeLb4NMHriBRxiDkURq:JznH976dUCnuniD2

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks