urelas | 1a005f4f95d254e2b01094bbfa1175e7509289f96106789f609708847f8a11a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7990192978d6d12758dfb064ee907dd0.exe
Size

468KB
Sample

231112-zyb68acd52
MD5

7990192978d6d12758dfb064ee907dd0
SHA1

e11140a099cafa757f013194e37d2e26ee6ff136
SHA256

1a005f4f95d254e2b01094bbfa1175e7509289f96106789f609708847f8a11a3
SHA512

f7ef89f8c7f64c78044d32e390280cc1baeff448cc73d6e1792821defe46d645a8bc55e9ea7692e11a314a5ddfe776d162e6a1607d01247e65ab62d1a77f19d0
SSDEEP

12288:93CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mX:9x9GzHlTv/b35tecFB6G

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Targets

- Target
  
  NEAS.7990192978d6d12758dfb064ee907dd0.exe
- Size
  
  468KB
- MD5
  
  7990192978d6d12758dfb064ee907dd0
- SHA1
  
  e11140a099cafa757f013194e37d2e26ee6ff136
- SHA256
  
  1a005f4f95d254e2b01094bbfa1175e7509289f96106789f609708847f8a11a3
- SHA512
  
  f7ef89f8c7f64c78044d32e390280cc1baeff448cc73d6e1792821defe46d645a8bc55e9ea7692e11a314a5ddfe776d162e6a1607d01247e65ab62d1a77f19d0
- SSDEEP
  
  12288:93CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mX:9x9GzHlTv/b35tecFB6G
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2