General

  • Target: 4896ff82cf1f05088078b47ed0ac7a77373017a5fe69eb34857592fc5c255823N
  • Size: 331KB
  • Sample: 241010-xf1ezs1dkb
  • MD5: d9a2ddc6a4a91bd5cd66209213ed9090
  • SHA1: d7ab98612fe3c164b3eebb8a0a7d13141cdaa890
  • SHA256: 4896ff82cf1f05088078b47ed0ac7a77373017a5fe69eb34857592fc5c255823
  • SHA512: ab10654fc5df5ad4b2d27859b4a2643711adb98d5d8da1e2faca39f7c81d5e65996e46e5ea601dfee3d4f75e6027ab9bd824ba87db83bd2675fdc6885d1f6642
  • SSDEEP: 3072:NdXi+V5Kgxpdxj8gbib20xTyst542t8ZHWBow8+zoB91wDQgJl0x2AEMenKbZisg:Nd7rpL43btmQ58Z27zw39gY2FeZhmzt

Malware Config

Extracted

  • Family: urelas
  • C2: 218.54.31.165, 218.54.31.226

Targets

    • Urelas: Urelas is a trojan targeting card games.
    • ASPack v2.12-2.42: Detects executables packed with ASPack v2.12-2.42.
    • Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks