urelas | d6f97694f127bfeab5279d9a81fbed470304d9aa03a1820fe3f2140a2dde4c63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1826d8bf15957e0a7b11710b1676722a
Size

197KB
Sample

231224-24cfaabfe8
MD5

1826d8bf15957e0a7b11710b1676722a
SHA1

1abae58ec66410b68811b8bff4921d1a30ded986
SHA256

d6f97694f127bfeab5279d9a81fbed470304d9aa03a1820fe3f2140a2dde4c63
SHA512

23efbb9dda75fe98343f251f922a2948377f564da23df4e05f8395272c7cb1e1ad6f20a14fcb34dec2509f972faba1ce2bacbe903c8d5ab1e6ace586c5179620
SSDEEP

3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhAk:gExhk7rh7NEOIYWlPM6r6H

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  1826d8bf15957e0a7b11710b1676722a
- Size
  
  197KB
- MD5
  
  1826d8bf15957e0a7b11710b1676722a
- SHA1
  
  1abae58ec66410b68811b8bff4921d1a30ded986
- SHA256
  
  d6f97694f127bfeab5279d9a81fbed470304d9aa03a1820fe3f2140a2dde4c63
- SHA512
  
  23efbb9dda75fe98343f251f922a2948377f564da23df4e05f8395272c7cb1e1ad6f20a14fcb34dec2509f972faba1ce2bacbe903c8d5ab1e6ace586c5179620
- SSDEEP
  
  3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhAk:gExhk7rh7NEOIYWlPM6r6H
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2