urelas | aa9038b8a8202edd9e447f643da1d31c849c98f8c4d3340af367629b191703e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d8380ab9c6183cc605f4798640f23800.exe
Size

427KB
Sample

231013-zjcjfahd7y
MD5

d8380ab9c6183cc605f4798640f23800
SHA1

91f92e21b96f90b24a25f7f505abb4db67bc2854
SHA256

aa9038b8a8202edd9e447f643da1d31c849c98f8c4d3340af367629b191703e8
SHA512

c156de0002bcc310fe1018d4e412444fa6819b979636b260c17d93285a6aae933b4520b6bd2b3ae3e3aa61792a71938816e9c6502ea7f6efd1b025527697c42c
SSDEEP

6144:O+puJ4OZnkJLjMUKCCskAr9ZgeErN1RlpNxE4KCRvGuYJiInbafUpRbo:OgYNZnkJkUcE4J1RTM4Nv7f

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

Targets

- Target
  
  NEAS.d8380ab9c6183cc605f4798640f23800.exe
- Size
  
  427KB
- MD5
  
  d8380ab9c6183cc605f4798640f23800
- SHA1
  
  91f92e21b96f90b24a25f7f505abb4db67bc2854
- SHA256
  
  aa9038b8a8202edd9e447f643da1d31c849c98f8c4d3340af367629b191703e8
- SHA512
  
  c156de0002bcc310fe1018d4e412444fa6819b979636b260c17d93285a6aae933b4520b6bd2b3ae3e3aa61792a71938816e9c6502ea7f6efd1b025527697c42c
- SSDEEP
  
  6144:O+puJ4OZnkJLjMUKCCskAr9ZgeErN1RlpNxE4KCRvGuYJiInbafUpRbo:OgYNZnkJkUcE4J1RTM4Nv7f
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2