General

  • Target

    02d8616a876a55020ac39998de21dd402630010b64a2a08b9c70a49cb2cf85ad

  • Size

    544KB

  • Sample

    241011-wp64fs1anm

  • MD5

    13ee1cad26ff12c2ff8bfdacec05d297

  • SHA1

    2799bf88316b4099ffa5c4ac0243a4c86e5a341d

  • SHA256

    02d8616a876a55020ac39998de21dd402630010b64a2a08b9c70a49cb2cf85ad

  • SHA512

    3346debd71e6f6cdb3418796ced58d0eb45d150f6f78848f275c5b075c125d7d6fc3734d37673c91a421054d95de696cfd5aa8aafa37411dab92cd44ba849534

  • SSDEEP

    12288:T52PxDgZo3ijnieactYDG7MzZSHJcvEj8dmoSxuI:92SLi70T7Mifjd

Malware Config

Extracted

Family

urelas

C2


Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
