urelas | ad1db0cec071db4da8e898d331155fe018ff208df52921458cd81e3a65446c9d | Triage

Sharing

General

Target

a3bb5925a12f6e42d1361afa3fb690b0
Size

536KB
Sample

240225-n7wfnsba44
MD5

a3bb5925a12f6e42d1361afa3fb690b0
SHA1

2c0ec59db260f9aa8f0f436863e036afbbc744ba
SHA256

ad1db0cec071db4da8e898d331155fe018ff208df52921458cd81e3a65446c9d
SHA512

761b568ffb1c51a7454d3f6b6826fcce516e812ba5e60a87b715cfc997250f975613f219742c3c811a443c5900a7cd46d99088e5ef910efc27f4ac04f93ebdfc
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPI:q0P/k4lb2wKatI

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  a3bb5925a12f6e42d1361afa3fb690b0
- Size
  
  536KB
- MD5
  
  a3bb5925a12f6e42d1361afa3fb690b0
- SHA1
  
  2c0ec59db260f9aa8f0f436863e036afbbc744ba
- SHA256
  
  ad1db0cec071db4da8e898d331155fe018ff208df52921458cd81e3a65446c9d
- SHA512
  
  761b568ffb1c51a7454d3f6b6826fcce516e812ba5e60a87b715cfc997250f975613f219742c3c811a443c5900a7cd46d99088e5ef910efc27f4ac04f93ebdfc
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPI:q0P/k4lb2wKatI
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2