urelas | ddd62f3ee965c9a064e693d4c842b37485185de68f06a81201d15e87b7130522 | Triage

Sharing

General

Target

81415bd536fc032774e6a40e242369af
Size

447KB
Sample

231222-lesg7sgff3
MD5

81415bd536fc032774e6a40e242369af
SHA1

ae6f9c60a34060ecf77f6a6675c89461f41dfb95
SHA256

ddd62f3ee965c9a064e693d4c842b37485185de68f06a81201d15e87b7130522
SHA512

2191169ee4c7bd28116144a47d73df742c559a72587b2a738842b3c71e155755ba9b345a00e1cc53a5425d917f2fd41e69c49ea275cb63c4d9ab4afcd5e1f302
SSDEEP

6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpo+:PMpASIcWYx2U6hAJQnq

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  81415bd536fc032774e6a40e242369af
- Size
  
  447KB
- MD5
  
  81415bd536fc032774e6a40e242369af
- SHA1
  
  ae6f9c60a34060ecf77f6a6675c89461f41dfb95
- SHA256
  
  ddd62f3ee965c9a064e693d4c842b37485185de68f06a81201d15e87b7130522
- SHA512
  
  2191169ee4c7bd28116144a47d73df742c559a72587b2a738842b3c71e155755ba9b345a00e1cc53a5425d917f2fd41e69c49ea275cb63c4d9ab4afcd5e1f302
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpo+:PMpASIcWYx2U6hAJQnq
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2