urelas | 1176-39-0x0000000000E50000-0x00000000018F6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1176-39-0x0000000000E50000-0x00000000018F6000-memory.dmp
Size

10.6MB
MD5

f38126eba9b6fd22af9ae7d8315d89fe
SHA1

afc7c6c1f8242592e35ce54f37578db354fafe6f
SHA256

d474bb7d54bbcc9587bc544ec979dfcd52d39e75294be722376c205e531e117c
SHA512

25619ba1538ebb8c785b9f3324363c39030cd2e0eb52658768e65ddb30b5644f29f1a0cd43e485cf8783673dd1591901bd7dcd28f0ffcc043b27e8179b3ae0ca
SSDEEP

196608:zJJhi98lzxaLmgMimxq7GX9GSNIeaBV6PFMe9RncR54SEMgPAU4EXWl:928lx+zg7Fm6PFMeTyhrgPFf

Score

10^/10

urelas

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1176-39-0x0000000000E50000-0x00000000018F6000-memory.dmp

Files

1176-39-0x0000000000E50000-0x00000000018F6000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

GSUDUHUW
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

."wo
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.htext
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xu0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lR5
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$o1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ