urelas | 78b1f1335b9a822fb5e9e24c70b3eb87f229f3383f1f9db67fafec43abf19dbb | Triage

Sharing

General

Target

78b1f1335b9a822fb5e9e24c70b3eb87f229f3383f1f9db67fafec43abf19dbb
Size

336KB
Sample

240319-1khbraha8y
MD5

25c58eb932724a40ba440ab0da42c526
SHA1

8fb69b4b550599d0a4d9a50b07ad43a5bc461dc9
SHA256

78b1f1335b9a822fb5e9e24c70b3eb87f229f3383f1f9db67fafec43abf19dbb
SHA512

d96f098b0e951d26c4fb440e11c0bfe0e3d8971c9da157cc7cbdacf6c666cfe3ceecf1ecaa9c7a559181d1ce3137e2bd37fb376dc89099c03300c7b7395c156e
SSDEEP

6144:GLtOexihqv4m+lXD6betiTuBMTWjIDIiUBAkW9UOKMOtzWO8CatspddOE:GL1D+IatauBML42MykRa6j

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  78b1f1335b9a822fb5e9e24c70b3eb87f229f3383f1f9db67fafec43abf19dbb
- Size
  
  336KB
- MD5
  
  25c58eb932724a40ba440ab0da42c526
- SHA1
  
  8fb69b4b550599d0a4d9a50b07ad43a5bc461dc9
- SHA256
  
  78b1f1335b9a822fb5e9e24c70b3eb87f229f3383f1f9db67fafec43abf19dbb
- SHA512
  
  d96f098b0e951d26c4fb440e11c0bfe0e3d8971c9da157cc7cbdacf6c666cfe3ceecf1ecaa9c7a559181d1ce3137e2bd37fb376dc89099c03300c7b7395c156e
- SSDEEP
  
  6144:GLtOexihqv4m+lXD6betiTuBMTWjIDIiUBAkW9UOKMOtzWO8CatspddOE:GL1D+IatauBML42MykRa6j
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2