General

  • Target

    7e3e8afd2af3dfbbeed61b25cf3a2d9c696fc4a86b91ac9270f3b63eb281eb15.exe

  • Size

    558KB

  • Sample

    241120-yrr4essake

  • MD5

    65a71e1537c72631e69b404ecde397a2

  • SHA1

    9eb58a825e5e415cdc1b783109e1cf3b91a1e6c6

  • SHA256

    7e3e8afd2af3dfbbeed61b25cf3a2d9c696fc4a86b91ac9270f3b63eb281eb15

  • SHA512

    67b50dac679ddb6d13b667a5cf19b46d3332c46cbe617a6180b4916692607275bd87f590e878f47137116827b13b7cd7352fc9258e729f3f8998a4eccdc73442

  • SSDEEP

    12288:zccNvdRExZGe+Q1nSoS++43x+l7QLiaEy4:znPfQp9L3olqF4

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
