urelas | fe1234bba5afb9fc0c7f6abb4a45220fed9468da934c26e7217e3bc8c3b8029a | Triage

Sharing

General

Target

adf3aab71c184a8a1ae41811796d0c77_JC.exe
Size

460KB
Sample

231003-wv4khsgf34
MD5

adf3aab71c184a8a1ae41811796d0c77
SHA1

d97fb23ebd15b5307327c63e65e8a8fcf1e84106
SHA256

fe1234bba5afb9fc0c7f6abb4a45220fed9468da934c26e7217e3bc8c3b8029a
SHA512

170eccf9835ed72e11e98d2683fd3f448861b9f3053d8132f3e5c1e1abfdabe61675ee71869a639ab823d336a2ce511a59109dbbddb584b9592b48236936959d
SSDEEP

6144:LEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhVOpdFRdmp:LMpASIcWYx2U6hAJV/

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  adf3aab71c184a8a1ae41811796d0c77_JC.exe
- Size
  
  460KB
- MD5
  
  adf3aab71c184a8a1ae41811796d0c77
- SHA1
  
  d97fb23ebd15b5307327c63e65e8a8fcf1e84106
- SHA256
  
  fe1234bba5afb9fc0c7f6abb4a45220fed9468da934c26e7217e3bc8c3b8029a
- SHA512
  
  170eccf9835ed72e11e98d2683fd3f448861b9f3053d8132f3e5c1e1abfdabe61675ee71869a639ab823d336a2ce511a59109dbbddb584b9592b48236936959d
- SSDEEP
  
  6144:LEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhVOpdFRdmp:LMpASIcWYx2U6hAJV/
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2