urelas | 45c6c1232001bd4461bdf4496e6db96fcf88a7f2b3be68a7b33c45c507484081 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96f91809ea79fda60606e26e9cf766e0_JC.exe
Size

467KB
Sample

230919-xxr5yadf59
MD5

96f91809ea79fda60606e26e9cf766e0
SHA1

d8bc6c5e5c78fc4c9be87b2afe4b645d133c8e6e
SHA256

45c6c1232001bd4461bdf4496e6db96fcf88a7f2b3be68a7b33c45c507484081
SHA512

4d8530567641128f3d2366516e14dadca83dd111182ddff8f321d4a6eedd2798c4ed622bcb61f76e332b4fb49a234cab7953a03626b706de16576f844119f180
SSDEEP

12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6m9:jx9GzHlTv/b35tecFB6Y

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Targets

- Target
  
  96f91809ea79fda60606e26e9cf766e0_JC.exe
- Size
  
  467KB
- MD5
  
  96f91809ea79fda60606e26e9cf766e0
- SHA1
  
  d8bc6c5e5c78fc4c9be87b2afe4b645d133c8e6e
- SHA256
  
  45c6c1232001bd4461bdf4496e6db96fcf88a7f2b3be68a7b33c45c507484081
- SHA512
  
  4d8530567641128f3d2366516e14dadca83dd111182ddff8f321d4a6eedd2798c4ed622bcb61f76e332b4fb49a234cab7953a03626b706de16576f844119f180
- SSDEEP
  
  12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6m9:jx9GzHlTv/b35tecFB6Y
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2