urelas | 9df6fbcdb5c43d22e0e7a60aa156a3492ba7a4ecb39753cacc258f9b1704e51f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9df6fbcdb5c43d22e0e7a60aa156a3492ba7a4ecb39753cacc258f9b1704e51f
Size

276KB
Sample

240409-asvnyagd55
MD5

4814e846831833acf4f8d0e8d49e425d
SHA1

90e0d1a2b813401f0865a6c406e18547b52096c5
SHA256

9df6fbcdb5c43d22e0e7a60aa156a3492ba7a4ecb39753cacc258f9b1704e51f
SHA512

e3c277f4e52a8542f497304d7e4c84d875b4dd906ab05be29eb9cd923b96bff83d5ece3851c27feed795b83a9f16a3c89ddf9e5e8e815aa1f1ffe5c25b1144b2
SSDEEP

6144:jjRKpaz7NrnzxIOyh5pvNLd+muC6tzpop1roiF:j3nlIOyh5pvNg3C6tK

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.184

121.88.5.183

218.54.30.235

218.54.28.139

Targets

- Target
  
  9df6fbcdb5c43d22e0e7a60aa156a3492ba7a4ecb39753cacc258f9b1704e51f
- Size
  
  276KB
- MD5
  
  4814e846831833acf4f8d0e8d49e425d
- SHA1
  
  90e0d1a2b813401f0865a6c406e18547b52096c5
- SHA256
  
  9df6fbcdb5c43d22e0e7a60aa156a3492ba7a4ecb39753cacc258f9b1704e51f
- SHA512
  
  e3c277f4e52a8542f497304d7e4c84d875b4dd906ab05be29eb9cd923b96bff83d5ece3851c27feed795b83a9f16a3c89ddf9e5e8e815aa1f1ffe5c25b1144b2
- SSDEEP
  
  6144:jjRKpaz7NrnzxIOyh5pvNLd+muC6tzpop1roiF:j3nlIOyh5pvNg3C6tK
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2