urelas | 094e5340a787eb63c7ec9bc0064e7041d6de24884f13c5de257e6f0951e63f33 | Triage

Sharing

General

Target

d15c0d80331707818e94006e6c65de2f_JC.exe
Size

403KB
Sample

231003-s6s2daeh94
MD5

d15c0d80331707818e94006e6c65de2f
SHA1

3250f10557bfd017102efb801b1877b09cd310bc
SHA256

094e5340a787eb63c7ec9bc0064e7041d6de24884f13c5de257e6f0951e63f33
SHA512

f7672242d0adeec0cb437950d5f1d342b75dd1e0dc81c8cf31a1babeb58f9352b2bff7ae1d2c9dffcd17ee3d6d0920875d42be58b24f705b221060d293d7713b
SSDEEP

6144:GkBy7+8pCOVi3L+w6Vg0lnwzBDFqzRoRXOmbvRQ20M:GUwRpCOVi3aPg0lwzN0RY+mbvr5

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  d15c0d80331707818e94006e6c65de2f_JC.exe
- Size
  
  403KB
- MD5
  
  d15c0d80331707818e94006e6c65de2f
- SHA1
  
  3250f10557bfd017102efb801b1877b09cd310bc
- SHA256
  
  094e5340a787eb63c7ec9bc0064e7041d6de24884f13c5de257e6f0951e63f33
- SHA512
  
  f7672242d0adeec0cb437950d5f1d342b75dd1e0dc81c8cf31a1babeb58f9352b2bff7ae1d2c9dffcd17ee3d6d0920875d42be58b24f705b221060d293d7713b
- SSDEEP
  
  6144:GkBy7+8pCOVi3L+w6Vg0lnwzBDFqzRoRXOmbvRQ20M:GUwRpCOVi3aPg0lwzN0RY+mbvr5
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2