General

  • Target

    37ef62d5ffa78549aca9345730ecb37c6d6f74100fa889a92da092eff055bd8aN.exe

  • Size

    6.5MB

  • Sample

    241206-yxxabs1mcq

  • MD5

    8f8a6a76809094b654f65f6107740d70

  • SHA1

    60de680dcd7d55316c6c76eb683c1525f3eccfc0

  • SHA256

    37ef62d5ffa78549aca9345730ecb37c6d6f74100fa889a92da092eff055bd8a

  • SHA512

    795479d31e006b162e1716623f13259e9ac1922fe48c5eeaa0f37b8b9665c85f3b2250014c8bb68561c7890a7742a18832420f14d95fb0012ea25313ce812c2b

  • SSDEEP

    98304:Roc5swrA2XGxlHKcjTjNk3o659yrnfKtDrKIAyyks+Ctf8mQZVSM:i0LrA2kHKQHNk3og9unipQyOaOM

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
