General

  • Target

    cf8c49870e8ada3b86dff073d82adcc302f9fafbf74bcf36e152dc087ff57b52.exe

  • Size

    555KB

  • Sample

    241118-1mcjaa1kgq

  • MD5

    49578e06b681e1ad56ca5fd417aef0fb

  • SHA1

    e6cbb060c5ab504f2ec3f2cc2f621eaed907727d

  • SHA256

    cf8c49870e8ada3b86dff073d82adcc302f9fafbf74bcf36e152dc087ff57b52

  • SHA512

    75f26a3d205875d322337b5398b8627e77690d8c52f8db73e4391b846d0101f8a1fc4569d3d7ba0b209d7d8af1a2c730dc59f0f4f0115da1ed7460e879907471

  • SSDEEP

    12288:zccNvdRExZGe+Q1nSoS++43x+l7QLiaEyY:znPfQp9L3olqFY

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Target

      cf8c49870e8ada3b86dff073d82adcc302f9fafbf74bcf36e152dc087ff57b52.exe

    • Size

      555KB

    • MD5

      49578e06b681e1ad56ca5fd417aef0fb

    • SHA1

      e6cbb060c5ab504f2ec3f2cc2f621eaed907727d

    • SHA256

      cf8c49870e8ada3b86dff073d82adcc302f9fafbf74bcf36e152dc087ff57b52

    • SHA512

      75f26a3d205875d322337b5398b8627e77690d8c52f8db73e4391b846d0101f8a1fc4569d3d7ba0b209d7d8af1a2c730dc59f0f4f0115da1ed7460e879907471

    • SSDEEP

      12288:zccNvdRExZGe+Q1nSoS++43x+l7QLiaEyY:znPfQp9L3olqFY

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks