urelas | ce686444e9efcc8bfc02d34d6e5fe0fa92c17731552259d0f1f9c4869d42b3b4 | Triage

Sharing

General

Target

NEAS.30fbf43d06640fe0b3e5c723a161a1a0.exe
Size

143KB
Sample

231022-vth2racd9s
MD5

30fbf43d06640fe0b3e5c723a161a1a0
SHA1

8ca198d54a2fe3696566051dd621e51f07256e9a
SHA256

ce686444e9efcc8bfc02d34d6e5fe0fa92c17731552259d0f1f9c4869d42b3b4
SHA512

c1edb62027bdfb59ff1d528fd5e225357eb5602751ca7aec316122d0f2b32ca2f8bf220c9eeef5982626a6b7ab69e5b3341d77387b6b8ef30a821dc6478a5c00
SSDEEP

1536:L/oEFqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdW6o5gRwtTfKCl0:L/5FqCxiXEcO3XfGf2tMUW6o5gRwdll0

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  NEAS.30fbf43d06640fe0b3e5c723a161a1a0.exe
- Size
  
  143KB
- MD5
  
  30fbf43d06640fe0b3e5c723a161a1a0
- SHA1
  
  8ca198d54a2fe3696566051dd621e51f07256e9a
- SHA256
  
  ce686444e9efcc8bfc02d34d6e5fe0fa92c17731552259d0f1f9c4869d42b3b4
- SHA512
  
  c1edb62027bdfb59ff1d528fd5e225357eb5602751ca7aec316122d0f2b32ca2f8bf220c9eeef5982626a6b7ab69e5b3341d77387b6b8ef30a821dc6478a5c00
- SSDEEP
  
  1536:L/oEFqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdW6o5gRwtTfKCl0:L/5FqCxiXEcO3XfGf2tMUW6o5gRwdll0
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2