General

  • Target

    a86f81147abd5f480509100ae389b789eb600a404f173eebdec3b653a6daed62.exe

  • Size

    467KB

  • Sample

    241121-jre2ja1bjp

  • MD5

    0f5e4bbfcfd0acca9f07f391dcf1e589

  • SHA1

    ac4160ff4b83c36db425c6b68845c34ed6935557

  • SHA256

    a86f81147abd5f480509100ae389b789eb600a404f173eebdec3b653a6daed62

  • SHA512

    a7aa485826d8fa53ad0511962e6c89e490fd43492317e7d987f18239b22b14c5b648e860342fe98095f7e5c45d98255cb0371d969f1e139d5cf57fc8692a3c8c

  • SSDEEP

    12288:m6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1Uv2:m6tQCG0UUPzEkTn4AC1+1

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235
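The four C2 addresses above are the report's most directly actionable indicators. As an added example (not part of the sandbox report and not the sample's own code), the script below sweeps constructed Zeek conn.log-style lines for connections to those addresses and emits Suricata rules for the set. The log lines, the `$HOME_NET` variable and the SID range are this example's own assumptions.

```python
import ipaddress

# C2 addresses from the extracted urelas config shown above.
URELAS_C2 = {
    "1.234.83.146",
    "133.242.129.155",
    "218.54.31.226",
    "218.54.30.235",
}

# Constructed Zeek conn.log-style lines (tab-separated: ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto). Made up for this example; they are
# not traffic captured from the sample.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1732183200.101\tCa1\t10.0.0.5\t49152\t1.234.83.146\t80\ttcp
1732183201.204\tCa2\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp
1732183202.330\tCa3\t10.0.0.7\t53011\t218.54.30.235\t8080\ttcp
1732183203.451\tCa4\t10.0.0.9\t49200\t10.0.0.1\t53\tudp
"""


def parse_conn_log(text):
    """Yield (ts, uid, orig_h, orig_p, resp_h, resp_p, proto) per data line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed line: skip it rather than abort the sweep
        yield tuple(fields[:7])


def find_c2_hits(text, c2=URELAS_C2):
    """Return (orig_h, resp_h, resp_p) for every connection to a listed C2."""
    c2_addrs = {ipaddress.ip_address(a) for a in c2}
    hits = []
    for _ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto in parse_conn_log(text):
        try:
            resp = ipaddress.ip_address(resp_h)
        except ValueError:
            continue  # not an IP literal (Zeek writes '-' for unknowns)
        if resp in c2_addrs:
            hits.append((orig_h, str(resp), int(resp_p)))
    return hits


def to_suricata_rules(c2=URELAS_C2, sid_base=1000000):
    """Emit one Suricata rule per C2 address; sorted so SIDs stay stable."""
    rules = []
    for i, addr in enumerate(sorted(c2, key=ipaddress.ip_address)):
        rules.append(
            f"alert ip $HOME_NET any -> {addr} any "
            f'(msg:"Urelas C2 traffic to {addr}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print("C2 hit:", hit)
    print("\n".join(to_suricata_rules()))
```

Matching on parsed `ipaddress` objects rather than raw strings avoids misses on differently formatted addresses, and keeping the rules sorted by address means a regenerated ruleset reuses the same SIDs. IP-only indicators from one sandbox run age quickly; treat a hit as a lead to confirm, not as proof of infection.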

Targets

    • Target

      a86f81147abd5f480509100ae389b789eb600a404f173eebdec3b653a6daed62.exe


    • Urelas

      Urelas is a trojan that targets players of online card games; the C2 addresses listed above come from its extracted configuration.

    • Urelas family

    • Checks computer location settings

      Looks up the country code configured in the registry (for example the Nation value under HKCU\Control Panel\International\Geo), most likely to geofence execution to, or away from, particular regions.

    • Deletes itself

      Removes its own executable after running, so the original file may no longer be on disk when the host is examined.

    • Executes dropped EXE

      Writes a second executable to disk and runs it.

    • Loads dropped DLL

      Writes a DLL to disk and loads it into a process.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Static analysis of a packed sample only sees the unpacking stub; the payload has to be unpacked first, and a modified UPX build may defeat the stock unpacker.
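To show what a UPX signature like this one is checking, here is an added example (not tooling from the sandbox, the page, or the sample): a stand-alone PE section-table parser that reports UPX section names, the UPX! marker and per-section entropy, then combines them into a verdict. It runs over constructed in-memory PE images rather than the real sample; the build_fake_pe helper and the three images are this example's own constructions, and the entropy threshold is an assumed heuristic.

```python
import math
import struct

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"  # stock UPX stores this in its packed-header block


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniformly random, 0.0 is a single byte value."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Parse the PE section table into dicts without depending on pefile."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # 4 (signature) + 20 (COFF header)
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def upx_indicators(data):
    secs = pe_sections(data)
    first = secs[0] if secs else None
    return {
        "upx_names": [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
        # UPX0 is an all-virtual section (raw size 0) the stub unpacks into.
        "empty_first_section": bool(first and first["raw_size"] == 0 and first["virtual_size"] > 0),
        "max_entropy": max((s["entropy"] for s in secs), default=0.0),
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    # Names alone identify stock UPX; renamed sections still leave the magic,
    # the characteristic empty first section and a high-entropy body.
    return bool(ind["upx_names"]) or (
        ind["upx_magic"] and ind["empty_first_section"] and ind["max_entropy"] > 7.0
    )


def build_fake_pe(sections):
    """Construct a minimal PE image from (name, virtual_size, raw_bytes) tuples."""
    e_lfanew, opt_size = 64, 224  # PE32 optional header, zeroed except Magic
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    raw_ptr = len(header) + 40 * len(sections)  # raw data follows the table
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        raw_ptr += len(raw)
        body += raw
        vaddr += max(vsize, 0x1000)
    return header + table + body


# Constructed images for the example: stock UPX layout, a plain binary, and a
# UPX layout with renamed sections (the modified-UPX case the signature names).
HIGH_ENTROPY = UPX_MAGIC + bytes(range(256)) * 4
UPX_LIKE = build_fake_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x8000, HIGH_ENTROPY), (b".rsrc", 0x1000, b"\0" * 64)])
PLAIN = build_fake_pe([(b".text", 0x1000, b"\x90" * 128), (b".data", 0x1000, b"\0" * 64)])
RENAMED = build_fake_pe([(b".text", 0x20000, b""), (b".data", 0x8000, HIGH_ENTROPY)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_LIKE), ("plain", PLAIN), ("renamed", RENAMED)):
        print(label, looks_upx_packed(img), upx_indicators(img))
```

The name check is what most packer signatures key on, and it is trivial to defeat by renaming sections, which is why the verdict also accepts the UPX! marker together with the empty-first-section layout and a high-entropy body. Treat the entropy threshold as a tunable heuristic: compressed resources in an unpacked binary can also score above 7.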

MITRE ATT&CK Enterprise v15
