urelas | 28d71402c52c0b3bb6fefd4d995cdc82f8e173c0a9e50eb690be37b228b46cfc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c79bd474d3d1e64feadfdd3692b2b30_exe32.exe
Size

208KB
Sample

231015-yc3llscb7y
MD5

6c79bd474d3d1e64feadfdd3692b2b30
SHA1

1ca7accb91742c19efb726434cb36a7b7c1e75b8
SHA256

28d71402c52c0b3bb6fefd4d995cdc82f8e173c0a9e50eb690be37b228b46cfc
SHA512

a754ed34912d545f39b39cbf8cbdf6c46631a9d2e6b5780ee6ad4727010f0237318179c8e161eb9b7f3d88ed6c19a67541b876a1cd273df5a3c7e8e50146ddbf
SSDEEP

1536:DuhL7dKJY/aTztv1UF7+RcbpP/iOOaDXl32oNIVelT2r9ZLzi/4kgg57lmKwrr5k:GBKBy7+8pCOH1ch9ZLqrwrr58V2pmZ

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  6c79bd474d3d1e64feadfdd3692b2b30_exe32.exe
- Size
  
  208KB
- MD5
  
  6c79bd474d3d1e64feadfdd3692b2b30
- SHA1
  
  1ca7accb91742c19efb726434cb36a7b7c1e75b8
- SHA256
  
  28d71402c52c0b3bb6fefd4d995cdc82f8e173c0a9e50eb690be37b228b46cfc
- SHA512
  
  a754ed34912d545f39b39cbf8cbdf6c46631a9d2e6b5780ee6ad4727010f0237318179c8e161eb9b7f3d88ed6c19a67541b876a1cd273df5a3c7e8e50146ddbf
- SSDEEP
  
  1536:DuhL7dKJY/aTztv1UF7+RcbpP/iOOaDXl32oNIVelT2r9ZLzi/4kgg57lmKwrr5k:GBKBy7+8pCOH1ch9ZLqrwrr58V2pmZ
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2