urelas | a16a68812c916b28777daf96a82fcff7f33d5c5c94027be27ed4c12b0ccc83c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4410a5e10e9552894991e694074c6d00_JC.exe
Size

333KB
Sample

231012-n6hs7aba58
MD5

4410a5e10e9552894991e694074c6d00
SHA1

4331706357276fc33965494e1100792a0eeb796b
SHA256

a16a68812c916b28777daf96a82fcff7f33d5c5c94027be27ed4c12b0ccc83c7
SHA512

25ce99eb05c77ce3e669de6048ce3e7d7aef2a32f6f03e42a1188eb9980e0a68432ce8b77a34dbf3576795ac73127d7513f96d5666b72165c723d126980b9299
SSDEEP

6144:asgDYs7ivUxR3JyVVVhmb9ObGT4F53eRFM/O17x0M7unOuO5Lvxk3:asgESlJyrTI9O8aYR717x0M7/G

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  4410a5e10e9552894991e694074c6d00_JC.exe
- Size
  
  333KB
- MD5
  
  4410a5e10e9552894991e694074c6d00
- SHA1
  
  4331706357276fc33965494e1100792a0eeb796b
- SHA256
  
  a16a68812c916b28777daf96a82fcff7f33d5c5c94027be27ed4c12b0ccc83c7
- SHA512
  
  25ce99eb05c77ce3e669de6048ce3e7d7aef2a32f6f03e42a1188eb9980e0a68432ce8b77a34dbf3576795ac73127d7513f96d5666b72165c723d126980b9299
- SSDEEP
  
  6144:asgDYs7ivUxR3JyVVVhmb9ObGT4F53eRFM/O17x0M7unOuO5Lvxk3:asgESlJyrTI9O8aYR717x0M7/G
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2