urelas | 63213b365966bcf4091c4157a11b3c8a850bb58b39c2963f1f66a9c36efc7803 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.351a0d2aa10d454afb7fc8352feff1c0.exe
Size

210KB
Sample

231102-x5evksgb67
MD5

351a0d2aa10d454afb7fc8352feff1c0
SHA1

edab27bbb0d256f73a36d48159a5fa011c4355ba
SHA256

63213b365966bcf4091c4157a11b3c8a850bb58b39c2963f1f66a9c36efc7803
SHA512

4573d9a93826f76d7eb0f2db25fc88d68d16af1daaf36bcbf6f40092830e2845cd4744052a5b271538f0a91bd28963606edb037df1d3d0ad4bb5197f23dab9e9
SSDEEP

1536:DuhL7dKJY/aTztv1UF7+RcbpP/iOOaDXl32oNIVelT2r9ZLzi/4kgg57lmKwrr5/:GBKBy7+8pCOH1ch9ZLqrwrr58V2pmuT

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  NEAS.351a0d2aa10d454afb7fc8352feff1c0.exe
- Size
  
  210KB
- MD5
  
  351a0d2aa10d454afb7fc8352feff1c0
- SHA1
  
  edab27bbb0d256f73a36d48159a5fa011c4355ba
- SHA256
  
  63213b365966bcf4091c4157a11b3c8a850bb58b39c2963f1f66a9c36efc7803
- SHA512
  
  4573d9a93826f76d7eb0f2db25fc88d68d16af1daaf36bcbf6f40092830e2845cd4744052a5b271538f0a91bd28963606edb037df1d3d0ad4bb5197f23dab9e9
- SSDEEP
  
  1536:DuhL7dKJY/aTztv1UF7+RcbpP/iOOaDXl32oNIVelT2r9ZLzi/4kgg57lmKwrr5/:GBKBy7+8pCOH1ch9ZLqrwrr58V2pmuT
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2