General

  • Target

    088ec3b73a18b12ce05f43c5ceb642ed570f7e73539e45daba4918d952857b6b

  • Size

    659KB

  • Sample

    241017-wz5cls1gkj

  • MD5

    919b26733b2793aa4634f9fbac987e41

  • SHA1

    9be10a2e920ccd90b7c26ebdec3fadfc7313a867

  • SHA256

    088ec3b73a18b12ce05f43c5ceb642ed570f7e73539e45daba4918d952857b6b

  • SHA512

    71f71285258c946a8414ee074690f950d5988b010439d2c8d0aa13baf5a6b0dae35106075d7008bd286ca3aded92490aa128e148878a1b664c52893bdc377a91

  • SSDEEP

    6144:O1xBWeMRygxDLbHxlSBxzJn1REBB6q1gBFJV6AvRqsf6YU+FM+3Yn/fCXjQGDqL9:Ol3MQIDKJzTq+Xxvo0U+d3s/fCX03

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

Targets

    • Target

      088ec3b73a18b12ce05f43c5ceb642ed570f7e73539e45daba4918d952857b6b

    • Size

      659KB

    • MD5

      919b26733b2793aa4634f9fbac987e41

    • SHA1

      9be10a2e920ccd90b7c26ebdec3fadfc7313a867

    • SHA256

      088ec3b73a18b12ce05f43c5ceb642ed570f7e73539e45daba4918d952857b6b

    • SHA512

      71f71285258c946a8414ee074690f950d5988b010439d2c8d0aa13baf5a6b0dae35106075d7008bd286ca3aded92490aa128e148878a1b664c52893bdc377a91

    • SSDEEP

      6144:O1xBWeMRygxDLbHxlSBxzJn1REBB6q1gBFJV6AvRqsf6YU+FM+3Yn/fCXjQGDqL9:Ol3MQIDKJzTq+Xxvo0U+d3s/fCX03

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks