General

  • Target

    946ede0c48a78bfb4183f46c6dffc7c550281872512f58637bcf0fb0dada1066

  • Size

    76KB

  • Sample

    241205-azdc8syqh1

  • MD5

    4d8c368c9e3ffa46e64b5f70409bf635

  • SHA1

    3912bc6d451cb1af647c48262174298c89c38553

  • SHA256

    946ede0c48a78bfb4183f46c6dffc7c550281872512f58637bcf0fb0dada1066

  • SHA512

    4b6f91e38cf0a15678c1bb44fac726ea3569cce54c24c16d77be53c023e1d325f7cd18083afb18df690188cde43929e7fc025b94c0d16d45ed12bd57e22703dc

  • SSDEEP

    1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEx:9RkjWjK9ABpGzlaRQLq

Malware Config

  • Extracted

    Family: urelas

    C2:

    218.54.47.77

    218.54.47.74

Targets

    • Target

      946ede0c48a78bfb4183f46c6dffc7c550281872512f58637bcf0fb0dada1066

    • Size

      76KB

    • MD5

      4d8c368c9e3ffa46e64b5f70409bf635

    • SHA1

      3912bc6d451cb1af647c48262174298c89c38553

    • SHA256

      946ede0c48a78bfb4183f46c6dffc7c550281872512f58637bcf0fb0dada1066

    • SHA512

      4b6f91e38cf0a15678c1bb44fac726ea3569cce54c24c16d77be53c023e1d325f7cd18083afb18df690188cde43929e7fc025b94c0d16d45ed12bd57e22703dc

    • SSDEEP

      1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEx:9RkjWjK9ABpGzlaRQLq

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks