urelas | 44fc4fba4ac5f5a9d36cd543aa733d076a38c2e7a1d71834389468166ab48b52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44fc4fba4ac5f5a9d36cd543aa733d076a38c2e7a1d71834389468166ab48b52
Size

167KB
Sample

240313-xvlkdafc56
MD5

d26676d7f2326eff6d1e61e37e4a2f51
SHA1

a5912c9d44e31e96c80bca866c26eeca6f3e8b3f
SHA256

44fc4fba4ac5f5a9d36cd543aa733d076a38c2e7a1d71834389468166ab48b52
SHA512

cf79c68be4b11249c452a868d69f1da0ee91a02c0a0122236f1156b3602d39e5379dd0a1fa83729ac855251c0a18516df0b195e2ee9333c62603b4466e3ff21a
SSDEEP

3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXP6:yOzRWu27dlOd5/YWVy

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  44fc4fba4ac5f5a9d36cd543aa733d076a38c2e7a1d71834389468166ab48b52
- Size
  
  167KB
- MD5
  
  d26676d7f2326eff6d1e61e37e4a2f51
- SHA1
  
  a5912c9d44e31e96c80bca866c26eeca6f3e8b3f
- SHA256
  
  44fc4fba4ac5f5a9d36cd543aa733d076a38c2e7a1d71834389468166ab48b52
- SHA512
  
  cf79c68be4b11249c452a868d69f1da0ee91a02c0a0122236f1156b3602d39e5379dd0a1fa83729ac855251c0a18516df0b195e2ee9333c62603b4466e3ff21a
- SSDEEP
  
  3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXP6:yOzRWu27dlOd5/YWVy
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2