General

  • Target

    81099e4d51edcbcd8e1fa3c5a398a714987ae214010e4c10c2d68d8bde32e3f6.exe

  • Size

    76KB

  • Sample

    241217-cznv3sxpbs

  • MD5

    30e0c5360dacb25116307c083f78b537

  • SHA1

    fe61af4b6a90c0825f4d3b57e088b1419500b1a5

  • SHA256

    81099e4d51edcbcd8e1fa3c5a398a714987ae214010e4c10c2d68d8bde32e3f6

  • SHA512

    42fb45e76764169563eac3170e24c5643cf64904ab7cb158e6366478ed5637561bfd04c2a1dae1fe3906a21cba1644554414d5c14341622bc554b8c7ee4929de

  • SSDEEP

    1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEs:9RkjWjK9ABpGzlaRQLT

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

    • Target

      81099e4d51edcbcd8e1fa3c5a398a714987ae214010e4c10c2d68d8bde32e3f6.exe

    • Size

      76KB

    • MD5

      30e0c5360dacb25116307c083f78b537

    • SHA1

      fe61af4b6a90c0825f4d3b57e088b1419500b1a5

    • SHA256

      81099e4d51edcbcd8e1fa3c5a398a714987ae214010e4c10c2d68d8bde32e3f6

    • SHA512

      42fb45e76764169563eac3170e24c5643cf64904ab7cb158e6366478ed5637561bfd04c2a1dae1fe3906a21cba1644554414d5c14341622bc554b8c7ee4929de

    • SSDEEP

      1536:9HxkDvWdB7O9dKymMyCMGni2Lz1LaRQLDEs:9RkjWjK9ABpGzlaRQLT

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks