urelas | 1c246f773d985513ffd16a5b5372a9ff70f901c7fe55eda020b1b6c7693b80bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5269350bef62ca9596186548c5c08cc0.bin
Size

206KB
Sample

231107-cj2f8sbd84
MD5

5269350bef62ca9596186548c5c08cc0
SHA1

1773844f60b9af90ae8ae3c65fd71812f65a73cd
SHA256

1c246f773d985513ffd16a5b5372a9ff70f901c7fe55eda020b1b6c7693b80bd
SHA512

ae5a4b43be3b60954725809be9d9bab8cee1f6ffa50180b1edc42a04ca6769502950503b2a698b0549af93db3c09d5ef58faf5395563f6e154fb099b85e3adf7
SSDEEP

3072:fXKKeWcNEzT5zvfpmGYoUyDpwPHHaFeo66bsDl8NLm:fXKK/cNcT5wDyDpCH6FL66bsDlym

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  5269350bef62ca9596186548c5c08cc0.bin
- Size
  
  206KB
- MD5
  
  5269350bef62ca9596186548c5c08cc0
- SHA1
  
  1773844f60b9af90ae8ae3c65fd71812f65a73cd
- SHA256
  
  1c246f773d985513ffd16a5b5372a9ff70f901c7fe55eda020b1b6c7693b80bd
- SHA512
  
  ae5a4b43be3b60954725809be9d9bab8cee1f6ffa50180b1edc42a04ca6769502950503b2a698b0549af93db3c09d5ef58faf5395563f6e154fb099b85e3adf7
- SSDEEP
  
  3072:fXKKeWcNEzT5zvfpmGYoUyDpwPHHaFeo66bsDl8NLm:fXKK/cNcT5wDyDpCH6FL66bsDlym
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2