urelas | d89db36777307b0ccee1e2a45bfaccc443ac73a7857abc180214f6c8a1ca0190 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.60d1c44a86f8b6d8b59ca380556c9340.exe
Size

291KB
Sample

231028-ym1j1aga61
MD5

60d1c44a86f8b6d8b59ca380556c9340
SHA1

aa55e9b3038377eb4ec6cac5ffa8bb1332922989
SHA256

d89db36777307b0ccee1e2a45bfaccc443ac73a7857abc180214f6c8a1ca0190
SHA512

af9f34e6620a70deb49c88f14c4637ee87a78bc7960f1c55074189c9db041b2030694754743ece2dfd35da6fe9cc1369e40efa8e71a1f1add7baba3b35b1a78b
SSDEEP

6144:zCKw0+tZvozAx9/dpwwyQHhjqZDq8NjPCjEGpAJiJ/L4IR:2JH0Ze8NzIWez4IR

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  NEAS.60d1c44a86f8b6d8b59ca380556c9340.exe
- Size
  
  291KB
- MD5
  
  60d1c44a86f8b6d8b59ca380556c9340
- SHA1
  
  aa55e9b3038377eb4ec6cac5ffa8bb1332922989
- SHA256
  
  d89db36777307b0ccee1e2a45bfaccc443ac73a7857abc180214f6c8a1ca0190
- SHA512
  
  af9f34e6620a70deb49c88f14c4637ee87a78bc7960f1c55074189c9db041b2030694754743ece2dfd35da6fe9cc1369e40efa8e71a1f1add7baba3b35b1a78b
- SSDEEP
  
  6144:zCKw0+tZvozAx9/dpwwyQHhjqZDq8NjPCjEGpAJiJ/L4IR:2JH0Ze8NzIWez4IR
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2