General

  • Target

    be7a74e4b4ed2f6c2277f710dada2a481dd3b69007d37d7b217aa1dc7275c363N

  • Size

    6.5MB

  • Sample

    241017-a6fryawerk

  • MD5

    65589c0be2d58cef7b4a9698b239a2d0

  • SHA1

    6d6ee257f32e913ef33ad6ed5f4c866c639d7095

  • SHA256

    be7a74e4b4ed2f6c2277f710dada2a481dd3b69007d37d7b217aa1dc7275c363

  • SHA512

    2bd27d2b3605efe37f84ce8cff0d66b6219d6b05cf9f78a646946db5e8c5bddefc5dbcfc2caa8ef7cfcd3629cac29f1e0060f0c36a2228c15ff735ad363560ee

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSt:i0LrA2kHKQHNk3og9unipQyOaOt

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Target

      be7a74e4b4ed2f6c2277f710dada2a481dd3b69007d37d7b217aa1dc7275c363N

    • Size

      6.5MB

    • MD5

      65589c0be2d58cef7b4a9698b239a2d0

    • SHA1

      6d6ee257f32e913ef33ad6ed5f4c866c639d7095

    • SHA256

      be7a74e4b4ed2f6c2277f710dada2a481dd3b69007d37d7b217aa1dc7275c363

    • SHA512

      2bd27d2b3605efe37f84ce8cff0d66b6219d6b05cf9f78a646946db5e8c5bddefc5dbcfc2caa8ef7cfcd3629cac29f1e0060f0c36a2228c15ff735ad363560ee

    • SSDEEP

      98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSt:i0LrA2kHKQHNk3og9unipQyOaOt

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks