urelas | ff34314a429adb6dae01697ca5ae48bfec80dcefdef39629c9eed36d65ab49c6 | Triage

Sharing

General

Target

NEAS.e5ae79491bdad7d13b42da25a61ee100.exe
Size

231KB
Sample

231022-v3sbsabh95
MD5

e5ae79491bdad7d13b42da25a61ee100
SHA1

20d4fecb9314ccb047a5a6ab4695a0fc40fa4f67
SHA256

ff34314a429adb6dae01697ca5ae48bfec80dcefdef39629c9eed36d65ab49c6
SHA512

2a6e5dbe04354735a02eef891bd97dc28905d63a073e3193a27f62c33fc361cefd48a451c3aff328d392c6350d44c1d655d89634e0e8045787edb7a50a4fb947
SSDEEP

3072:/YshWbz+6LPr5Qy7K65UC1O9Ro2rqYyXzCEwGNy:/YQWbS6LPeHC1O9RleYuzCEwGNy

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  NEAS.e5ae79491bdad7d13b42da25a61ee100.exe
- Size
  
  231KB
- MD5
  
  e5ae79491bdad7d13b42da25a61ee100
- SHA1
  
  20d4fecb9314ccb047a5a6ab4695a0fc40fa4f67
- SHA256
  
  ff34314a429adb6dae01697ca5ae48bfec80dcefdef39629c9eed36d65ab49c6
- SHA512
  
  2a6e5dbe04354735a02eef891bd97dc28905d63a073e3193a27f62c33fc361cefd48a451c3aff328d392c6350d44c1d655d89634e0e8045787edb7a50a4fb947
- SSDEEP
  
  3072:/YshWbz+6LPr5Qy7K65UC1O9Ro2rqYyXzCEwGNy:/YQWbS6LPeHC1O9RleYuzCEwGNy
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2