General

  • Target

    3c1195d085a9ac66a0f1ddaa1e832855c5a45f5db35ea1953d6bd3b48dc46124.exe

  • Size

    537KB

  • Sample

    241120-11zwqsyphl

  • MD5

    b20e55b1dcce2bfa5356a84bcd9da7d9

  • SHA1

    79e4dffeb55d8c3818ad3b8ce3c1048f9baf92ee

  • SHA256

    3c1195d085a9ac66a0f1ddaa1e832855c5a45f5db35ea1953d6bd3b48dc46124

  • SHA512

    dc7ac12b0c4df4d4d0d31875fce8c4e2fec5ede05cf8ffa26a2bae6e8983ccde39550535c8d9f06b0130994de5ebe96fc66a0a5d71075c2318aab92e3eb29480

  • SSDEEP

    12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPg:q0P/k4lb2wKatg

Score
10/10

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
