urelas | db67c417fd7bc947044c0a29888c493d0ec4a4dd4dd4a7b64b29f587c3c95791 | Triage

Sharing

General

Target

db67c417fd7bc947044c0a29888c493d0ec4a4dd4dd4a7b64b29f587c3c95791
Size

186KB
Sample

240405-b1y7rshd29
MD5

4491cbe6f8811578ad2c6481785d8f25
SHA1

2486de2ec51e2f3d39eb656ecd7e2f989efb4998
SHA256

db67c417fd7bc947044c0a29888c493d0ec4a4dd4dd4a7b64b29f587c3c95791
SHA512

d27062f3bd3b344b405b28ba5e27eca37f6bf4f60a39b0671d75b0abe7823bd15b892e8301e7b7af89e20aa8fa97a21eecfd78b9d3d563c58a6a270a5c953c2f
SSDEEP

3072:CgFeKWwO8PWlafsuKLIor6G4hvomP65TPp00uhtTI:CkeKWCWlafsFLR8BPwPp05TI

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Targets

- Target
  
  db67c417fd7bc947044c0a29888c493d0ec4a4dd4dd4a7b64b29f587c3c95791
- Size
  
  186KB
- MD5
  
  4491cbe6f8811578ad2c6481785d8f25
- SHA1
  
  2486de2ec51e2f3d39eb656ecd7e2f989efb4998
- SHA256
  
  db67c417fd7bc947044c0a29888c493d0ec4a4dd4dd4a7b64b29f587c3c95791
- SHA512
  
  d27062f3bd3b344b405b28ba5e27eca37f6bf4f60a39b0671d75b0abe7823bd15b892e8301e7b7af89e20aa8fa97a21eecfd78b9d3d563c58a6a270a5c953c2f
- SSDEEP
  
  3072:CgFeKWwO8PWlafsuKLIor6G4hvomP65TPp00uhtTI:CkeKWCWlafsFLR8BPwPp05TI
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2