urelas | c6dc573abd7e79d628d00a356181f25f22ea25d4ee919239558213871507f5b5 | Triage

Sharing

General

Target

NEAS.2e57461c2a299ef3de623e300603f770.exe
Size

206KB
Sample

231031-ksxhmsbf21
MD5

2e57461c2a299ef3de623e300603f770
SHA1

b9fd79cfa25069ff7453fcd2bb87b554e8da46d4
SHA256

c6dc573abd7e79d628d00a356181f25f22ea25d4ee919239558213871507f5b5
SHA512

f40fa8b7819679c25c5b1f7392972198b2c181b266ce0d0040facadad45b6b01d4bd2687ed7a7041d3863c1c6edeff671e034b2361e5d70b05735312d7bc4015
SSDEEP

3072:L35mFRH2RidZlP1vaiOjqok3pNAiQ5h/6QUsNl/gBk:L35mFRWRUvPhT73pKfh/6QUsL

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

121.88.5.181

Targets

- Target
  
  NEAS.2e57461c2a299ef3de623e300603f770.exe
- Size
  
  206KB
- MD5
  
  2e57461c2a299ef3de623e300603f770
- SHA1
  
  b9fd79cfa25069ff7453fcd2bb87b554e8da46d4
- SHA256
  
  c6dc573abd7e79d628d00a356181f25f22ea25d4ee919239558213871507f5b5
- SHA512
  
  f40fa8b7819679c25c5b1f7392972198b2c181b266ce0d0040facadad45b6b01d4bd2687ed7a7041d3863c1c6edeff671e034b2361e5d70b05735312d7bc4015
- SSDEEP
  
  3072:L35mFRH2RidZlP1vaiOjqok3pNAiQ5h/6QUsNl/gBk:L35mFRWRUvPhT73pKfh/6QUsL
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2