General

  • Target

    dff29942dea44b594c6e1ea573e5483e30c1fb8910f43c9a26eabc1b087023aaN

  • Size

    6.5MB

  • Sample

    241016-jlhv8szdqh

  • MD5

    a6de2c7cc86c8124ae0a1f9618a0b160

  • SHA1

    953906096e70829abd46376c656bfb8486643aeb

  • SHA256

    dff29942dea44b594c6e1ea573e5483e30c1fb8910f43c9a26eabc1b087023aa

  • SHA512

    06e2a17efada0c490b955c22e21e8a45b14a6099dbb7727f0a6e614d29f652dc0444bc154051dead68fb7f596c727787f286ae9179ecf575bd5da483c1d744ab

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVS2:i0LrA2kHKQHNk3og9unipQyOaO2

Malware Config

Extracted

  • Family

    urelas

  • C2

    218.54.31.165
    218.54.31.226

Targets

    • Target

      dff29942dea44b594c6e1ea573e5483e30c1fb8910f43c9a26eabc1b087023aaN

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15