urelas | 4e16aa00f35995b82c1a80f32cfef7ba9030b033a83c475690d7ab91314f769e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e16aa00f35995b82c1a80f32cfef7ba9030b033a83c475690d7ab91314f769e
Size

458KB
Sample

240325-xgc13sfg49
MD5

f02585343d9a079a7b9706a616a76936
SHA1

6e20e47c0fdee952f27f6947a58fd6d854bce01f
SHA256

4e16aa00f35995b82c1a80f32cfef7ba9030b033a83c475690d7ab91314f769e
SHA512

15af22556b1b7d1f5880bc9e80852db0bf34cd38ce531b5218b5919644a64b2683a59dd83e1011742cef4e503a15dca490ce1fc539e55d52ebe26d9bde74065b
SSDEEP

6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFTWHX6:CMpASIcWYx2U6hAJQnj36

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  4e16aa00f35995b82c1a80f32cfef7ba9030b033a83c475690d7ab91314f769e
- Size
  
  458KB
- MD5
  
  f02585343d9a079a7b9706a616a76936
- SHA1
  
  6e20e47c0fdee952f27f6947a58fd6d854bce01f
- SHA256
  
  4e16aa00f35995b82c1a80f32cfef7ba9030b033a83c475690d7ab91314f769e
- SHA512
  
  15af22556b1b7d1f5880bc9e80852db0bf34cd38ce531b5218b5919644a64b2683a59dd83e1011742cef4e503a15dca490ce1fc539e55d52ebe26d9bde74065b
- SSDEEP
  
  6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFTWHX6:CMpASIcWYx2U6hAJQnj36
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2