urelas | 9b4656c4e88b37ff195b7c4db1dbbf7534f78d5f8f78f4b417ae723497a3c53d | Triage

Sharing

General

Target

9b4656c4e88b37ff195b7c4db1dbbf7534f78d5f8f78f4b417ae723497a3c53d
Size

431KB
Sample

240312-ap9npaae8z
MD5

a1d08bac43645ead41867687841f8dba
SHA1

2fc3659dfdb7aba6ee45b15f11f11b6045898525
SHA256

9b4656c4e88b37ff195b7c4db1dbbf7534f78d5f8f78f4b417ae723497a3c53d
SHA512

283b5666c127d8d82d56176584ad58dae072acf41cae0d52c820c478d649efc0dfcfd2fac5561aabe3e2f897d5b22c5bda41b4640710c452e9c972cf1e1b0fac
SSDEEP

6144:UzU7blKaP2iCWhWapKRaRXOkN4Swel6f3IuODGLJGbd:uU7M5ijWh0XOW4sEfHOXd

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  9b4656c4e88b37ff195b7c4db1dbbf7534f78d5f8f78f4b417ae723497a3c53d
- Size
  
  431KB
- MD5
  
  a1d08bac43645ead41867687841f8dba
- SHA1
  
  2fc3659dfdb7aba6ee45b15f11f11b6045898525
- SHA256
  
  9b4656c4e88b37ff195b7c4db1dbbf7534f78d5f8f78f4b417ae723497a3c53d
- SHA512
  
  283b5666c127d8d82d56176584ad58dae072acf41cae0d52c820c478d649efc0dfcfd2fac5561aabe3e2f897d5b22c5bda41b4640710c452e9c972cf1e1b0fac
- SSDEEP
  
  6144:UzU7blKaP2iCWhWapKRaRXOkN4Swel6f3IuODGLJGbd:uU7M5ijWh0XOW4sEfHOXd
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2