urelas | 001ebed0cc678ade59c90d6937de0dd9cec8ed1b565d3bbc6385e7534b602f55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Backdoor.Win32.Plite.bhte-001ebed0cc678ade59c90d6937de0dd9cec8ed1b565d3bbc6385e7534b602f55
Size

486KB
Sample

240229-hn34hshg32
MD5

0e206b5d0ef3f4430c393e0d6ed2006c
SHA1

2024ecc37b01aebd48d39de633a9953999c33046
SHA256

001ebed0cc678ade59c90d6937de0dd9cec8ed1b565d3bbc6385e7534b602f55
SHA512

21735a43b23ddf1cdd93a6bbedb3ad4b207837b8cd7c33f14669a4570222e1837802f5c4cdf473ca45d638ac92dfb74254be667b5ae06bdbf72efa7f446c1541
SSDEEP

6144:3yKfEd7FQGSmAWRViVxGwl+fQSVY/Z+I2VLfFX/L3WsuF9BRIMv9alQ1pEKuH86T:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKK

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  Backdoor.Win32.Plite.bhte-001ebed0cc678ade59c90d6937de0dd9cec8ed1b565d3bbc6385e7534b602f55
- Size
  
  486KB
- MD5
  
  0e206b5d0ef3f4430c393e0d6ed2006c
- SHA1
  
  2024ecc37b01aebd48d39de633a9953999c33046
- SHA256
  
  001ebed0cc678ade59c90d6937de0dd9cec8ed1b565d3bbc6385e7534b602f55
- SHA512
  
  21735a43b23ddf1cdd93a6bbedb3ad4b207837b8cd7c33f14669a4570222e1837802f5c4cdf473ca45d638ac92dfb74254be667b5ae06bdbf72efa7f446c1541
- SSDEEP
  
  6144:3yKfEd7FQGSmAWRViVxGwl+fQSVY/Z+I2VLfFX/L3WsuF9BRIMv9alQ1pEKuH86T:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKK
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2