General

  • Target

    0311ec92d1985a4fdfb720ea11423291d3b54f3e5e0f5c0218923d0b4ba367daN

  • Size

    84KB

  • Sample

    241015-1mg4rsshnl

  • MD5

    126693b44dc99e10ff9dc68becf97730

  • SHA1

    fc0741f0fd98d2c08272efa4ddd8926c8c7f65f2

  • SHA256

    0311ec92d1985a4fdfb720ea11423291d3b54f3e5e0f5c0218923d0b4ba367da

  • SHA512

    8c8dd4f4a04e68cf8416b1c8697edc866795738393511dda7fae75361f078277084d1e627e471188249fa8b055a8953ba4fb99450138a7b59fcee80e5d385307

  • SSDEEP

    1536:Jz+jIHNv+vsFbwW6dk0QeLb4NMHriBRxiDkURN:JznH976dUCnuniD5

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
