urelas | f5d7dda7214f743ef8334ce0aa6bc65389e5ce9f8df57fbca2cc22d1e5bdf675 | Triage

Sharing

General

Target

NEAS.9d317753025927f8c2b746d3e7c16e70.exe
Size

423KB
Sample

231013-zbptssch5y
MD5

9d317753025927f8c2b746d3e7c16e70
SHA1

b579698a685bae9c827a802607a9a12703d2df07
SHA256

f5d7dda7214f743ef8334ce0aa6bc65389e5ce9f8df57fbca2cc22d1e5bdf675
SHA512

d589a55f9e693e40ca46fa6452fe3b8b2fbc070b5de23b57a22d6c738433da35e13939c578d7747397efa2dac2da7ab8597d5d360a43917a723b6f43614dcb35
SSDEEP

12288:L3UxAjzesuBZtpy5KPADlOxnfWVUHGpm2CjDX7BC:L3UiqswtpyhOxuGHGpmXQ

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  NEAS.9d317753025927f8c2b746d3e7c16e70.exe
- Size
  
  423KB
- MD5
  
  9d317753025927f8c2b746d3e7c16e70
- SHA1
  
  b579698a685bae9c827a802607a9a12703d2df07
- SHA256
  
  f5d7dda7214f743ef8334ce0aa6bc65389e5ce9f8df57fbca2cc22d1e5bdf675
- SHA512
  
  d589a55f9e693e40ca46fa6452fe3b8b2fbc070b5de23b57a22d6c738433da35e13939c578d7747397efa2dac2da7ab8597d5d360a43917a723b6f43614dcb35
- SSDEEP
  
  12288:L3UxAjzesuBZtpy5KPADlOxnfWVUHGpm2CjDX7BC:L3UiqswtpyhOxuGHGpmXQ
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2