urelas | 23cae92bd27356896882641779791ffa4a62f63027b0f2a36bb2c08e04816ca5 | Triage

Sharing

General

Target

23cae92bd27356896882641779791ffa4a62f63027b0f2a36bb2c08e04816ca5
Size

125KB
Sample

240329-xlbntafd31
MD5

e9643d13888c52f4a10e634f78598cb3
SHA1

91c7e770b1a6f591c6c34fb5b36faa71c890e361
SHA256

23cae92bd27356896882641779791ffa4a62f63027b0f2a36bb2c08e04816ca5
SHA512

3b73426292f0a2b53d22369066ed58cf063585ed2f9bf0ebedf205d424dc69119f82fd698ff9e6b39f11fa478373b5ce24f567cf9c7ad6a53ec94c5d04152b7d
SSDEEP

1536:Ko6JdvxttIBcXISDPV2Mhg3GkFceersWjcd06UsfqW2vxq6UU/Hp1:iHC6D92O8n7eU06UsfUpqCb

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.209

112.175.88.207

112.175.88.208

Targets

- Target
  
  23cae92bd27356896882641779791ffa4a62f63027b0f2a36bb2c08e04816ca5
- Size
  
  125KB
- MD5
  
  e9643d13888c52f4a10e634f78598cb3
- SHA1
  
  91c7e770b1a6f591c6c34fb5b36faa71c890e361
- SHA256
  
  23cae92bd27356896882641779791ffa4a62f63027b0f2a36bb2c08e04816ca5
- SHA512
  
  3b73426292f0a2b53d22369066ed58cf063585ed2f9bf0ebedf205d424dc69119f82fd698ff9e6b39f11fa478373b5ce24f567cf9c7ad6a53ec94c5d04152b7d
- SSDEEP
  
  1536:Ko6JdvxttIBcXISDPV2Mhg3GkFceersWjcd06UsfqW2vxq6UU/Hp1:iHC6D92O8n7eU06UsfUpqCb
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2