urelas | 05904c17e02ba3dcefffdd3a43099c74db1feab4b8d6995df40701ff8f271f22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc645f3795787ffe14542e823b3ff9f0_exe32.exe
Size

322KB
Sample

231015-ygzeragh67
MD5

cc645f3795787ffe14542e823b3ff9f0
SHA1

37218d2ccebf3cb852c5b25e95a9b3f65c4b4099
SHA256

05904c17e02ba3dcefffdd3a43099c74db1feab4b8d6995df40701ff8f271f22
SHA512

208dc1f787450ef825ec4c37b694dac518b070d7e311590cd6ec7472d23cd94100747e0ed38698c7dfa2976443646fde1e83d897bf99ea1cd49178b5df2b0900
SSDEEP

6144:sY4zSop9m06QbGTCnTRoOIH3FPA7AthtLpe:PkXpd6jqiOIHZA3

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  cc645f3795787ffe14542e823b3ff9f0_exe32.exe
- Size
  
  322KB
- MD5
  
  cc645f3795787ffe14542e823b3ff9f0
- SHA1
  
  37218d2ccebf3cb852c5b25e95a9b3f65c4b4099
- SHA256
  
  05904c17e02ba3dcefffdd3a43099c74db1feab4b8d6995df40701ff8f271f22
- SHA512
  
  208dc1f787450ef825ec4c37b694dac518b070d7e311590cd6ec7472d23cd94100747e0ed38698c7dfa2976443646fde1e83d897bf99ea1cd49178b5df2b0900
- SSDEEP
  
  6144:sY4zSop9m06QbGTCnTRoOIH3FPA7AthtLpe:PkXpd6jqiOIHZA3
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2