urelas | 62f71e49ed5f1a322324c58e9aa1e97e206ddba975aa55e08c6d26f1fa787b0f | Triage

Sharing

General

Target

Backdoor.Win32.Plite.bhtr-62f71e49ed5f1a322324c58e9aa1e97e206ddba975aa55e08c6d26f1fa787b0f
Size

61KB
Sample

240229-hpa45ahg38
MD5

ac18dbe74249bdd64ff7ddb125320064
SHA1

4f5d6ef53aa3a2e8231f117225aea666b0320783
SHA256

62f71e49ed5f1a322324c58e9aa1e97e206ddba975aa55e08c6d26f1fa787b0f
SHA512

93328d2a668fbe14e1ddcf00cfaef5dda61a88e0fabfac5e66c1129fe2e56f1b06dc4eaa0de904ef4a6fdd2d7007b3a07844ad70b1e035347c3fc21112c5257a
SSDEEP

1536:1jeTAG/cbPGIZ+yy9YKU/p5mhnD4Nje4ur13t:1jYAaM7ZSY9esEVf

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  Backdoor.Win32.Plite.bhtr-62f71e49ed5f1a322324c58e9aa1e97e206ddba975aa55e08c6d26f1fa787b0f
- Size
  
  61KB
- MD5
  
  ac18dbe74249bdd64ff7ddb125320064
- SHA1
  
  4f5d6ef53aa3a2e8231f117225aea666b0320783
- SHA256
  
  62f71e49ed5f1a322324c58e9aa1e97e206ddba975aa55e08c6d26f1fa787b0f
- SHA512
  
  93328d2a668fbe14e1ddcf00cfaef5dda61a88e0fabfac5e66c1129fe2e56f1b06dc4eaa0de904ef4a6fdd2d7007b3a07844ad70b1e035347c3fc21112c5257a
- SSDEEP
  
  1536:1jeTAG/cbPGIZ+yy9YKU/p5mhnD4Nje4ur13t:1jYAaM7ZSY9esEVf
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2