General

  • Target

    5270bd0f50e80f6b48cd66d5bd842446df07c1b2dd046809bb87e9ca6a107a34N

  • Size

    84KB

  • Sample

    241016-srqmpswfmf

  • MD5

    35a6e6326f263f5f17a7bb6e72c2f220

  • SHA1

    2ccfbae9ef0842c766471c9a7ae8725b9591b035

  • SHA256

    5270bd0f50e80f6b48cd66d5bd842446df07c1b2dd046809bb87e9ca6a107a34

  • SHA512

    5bd7886a9a5e7dbd4657e396a838fc1c469c3ca077e938f7d952f642967f44981a2fdc8abfcd7f7fe036f97cbe46d142bc7b93d25e25ee62c69341ac5a88747b

  • SSDEEP

    1536:Jz+jIHNv+vsFbwW6dk0QeLb4NMHriBRxiDkURb:JznH976dUCnuniDn

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
