urelas | 6a0cb915a305440c4c85830c53a10e106dddc94fc36c317ca7d682814ae399d6 | Triage

Sharing

General

Target

9207d62c7e2a8578f4f34d3322a05d84_JC.exe
Size

315KB
Sample

231012-xd1mzaaf57
MD5

9207d62c7e2a8578f4f34d3322a05d84
SHA1

61ae5264a1bdecbf0183503c7003c0fc6081cf3c
SHA256

6a0cb915a305440c4c85830c53a10e106dddc94fc36c317ca7d682814ae399d6
SHA512

91df21974e94104c1239dc794f4c9bf42c2ffaa0c1e84d4d6221abb9910dc7bddd8f7bb3bd5654b2fb694c045205844d071c64d2791eb208feec435b87fce065
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+Xh:vHW138/iXWlK885rKlGSekcj66cih

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  9207d62c7e2a8578f4f34d3322a05d84_JC.exe
- Size
  
  315KB
- MD5
  
  9207d62c7e2a8578f4f34d3322a05d84
- SHA1
  
  61ae5264a1bdecbf0183503c7003c0fc6081cf3c
- SHA256
  
  6a0cb915a305440c4c85830c53a10e106dddc94fc36c317ca7d682814ae399d6
- SHA512
  
  91df21974e94104c1239dc794f4c9bf42c2ffaa0c1e84d4d6221abb9910dc7bddd8f7bb3bd5654b2fb694c045205844d071c64d2791eb208feec435b87fce065
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+Xh:vHW138/iXWlK885rKlGSekcj66cih
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2