urelas | d0d73efe8ddf13325f7f136d18c18b0e8584a0747129ac7994a88054a448b168 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3994c840d6f44530b65344ae7db13510_JC.exe
Size

436KB
Sample

231011-g2we6aee3z
MD5

3994c840d6f44530b65344ae7db13510
SHA1

291b9f6494d6a4b3f105f8d91b558f90582164c5
SHA256

d0d73efe8ddf13325f7f136d18c18b0e8584a0747129ac7994a88054a448b168
SHA512

dad1da2bcdd177da87c6476268b8eb7c352c9890dc754c35320825dde5ecb320cbe6cb772eb74fd08547537cce9306f8fe4c68caac2ae534e52636aa2265eade
SSDEEP

3072:yZ3vlHjQhJ3wE8iGK01Py3Vvsa26nfjQb6uNHG+yi38/rwdusS9V0alO2alNjgSr:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjoO

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  3994c840d6f44530b65344ae7db13510_JC.exe
- Size
  
  436KB
- MD5
  
  3994c840d6f44530b65344ae7db13510
- SHA1
  
  291b9f6494d6a4b3f105f8d91b558f90582164c5
- SHA256
  
  d0d73efe8ddf13325f7f136d18c18b0e8584a0747129ac7994a88054a448b168
- SHA512
  
  dad1da2bcdd177da87c6476268b8eb7c352c9890dc754c35320825dde5ecb320cbe6cb772eb74fd08547537cce9306f8fe4c68caac2ae534e52636aa2265eade
- SSDEEP
  
  3072:yZ3vlHjQhJ3wE8iGK01Py3Vvsa26nfjQb6uNHG+yi38/rwdusS9V0alO2alNjgSr:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjoO
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2