urelas | 81d8afad7ddcdbb11e808c88da424e9477a38a0a936c88f798e1284cd9bce023 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81d8afad7ddcdbb11e808c88da424e9477a38a0a936c88f798e1284cd9bce023
Size

265KB
Sample

240417-r96afaee4x
MD5

a55b4858aa35a54c3d862f2b4dc40004
SHA1

a87b49b95118dce1a574a69cb4fe028b7c5d7f01
SHA256

81d8afad7ddcdbb11e808c88da424e9477a38a0a936c88f798e1284cd9bce023
SHA512

03f18a01ba1d4904ae9b5c0cee70eda5acc3ef258d31d931cd20c85a3bf679a0d2fac3c50d17a83f02425fd012bb978cc2d28076ab176177c4ffc383d65b90ff
SSDEEP

6144:QsrX9po+970nL2PsYTTVo1oMXjoEDtfBfVcYD86K3a2:TDl9oub1oBzVHVR0

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  0b36e4a25748a1daf0dbe1ed9b8ccd7208a0be2a536a14272771c8deff11d65d.exe
- Size
  
  461KB
- MD5
  
  07c7f5de12c99be42f9d473a1a879456
- SHA1
  
  1c02151d3c0b3d3bcdd731b17db39ca8c2778c1a
- SHA256
  
  0b36e4a25748a1daf0dbe1ed9b8ccd7208a0be2a536a14272771c8deff11d65d
- SHA512
  
  57e8baac2dddca2db65d301001dcc8724db04687e93db8a6491f47170cfb6d5602c92197d0c8a7b86f55ef438a83d0b97bffbfd24d07dae4dac2135add02f8f1
- SSDEEP
  
  6144:qmbmLppYOuakYGWV5ZhExy1gO8B9vhMQqATCSw2wp5:qma6id7TsrhS8/wl
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2