urelas | 6e260e670af0036709d6b8e72541f60e45a02bd6a5b0c0bb8260a1574bb96619 | Triage

Sharing

General

Target

6e260e670af0036709d6b8e72541f60e45a02bd6a5b0c0bb8260a1574bb96619
Size

366KB
Sample

240418-24tdssae81
MD5

8d485f83022e4be758176248bb551a09
SHA1

a75b23f6102cf0b4ba71590ec1da7f72421d74e4
SHA256

6e260e670af0036709d6b8e72541f60e45a02bd6a5b0c0bb8260a1574bb96619
SHA512

80c45c3eb593ceb284fa513245ffb5c0d5a971795250552d0f1b24959fba1cf5943f7843421b69f945367578db175af1fbd4b74dba7c73d93065288ee76edbfa
SSDEEP

6144:1o3whi+1Py3V0a24kOn+Sr72iyjmhuKtUYiw52hVOcvBRMHkWYHpo:YKf1PyKa2anKjm3OYZ2hocvHK

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  6e260e670af0036709d6b8e72541f60e45a02bd6a5b0c0bb8260a1574bb96619
- Size
  
  366KB
- MD5
  
  8d485f83022e4be758176248bb551a09
- SHA1
  
  a75b23f6102cf0b4ba71590ec1da7f72421d74e4
- SHA256
  
  6e260e670af0036709d6b8e72541f60e45a02bd6a5b0c0bb8260a1574bb96619
- SHA512
  
  80c45c3eb593ceb284fa513245ffb5c0d5a971795250552d0f1b24959fba1cf5943f7843421b69f945367578db175af1fbd4b74dba7c73d93065288ee76edbfa
- SSDEEP
  
  6144:1o3whi+1Py3V0a24kOn+Sr72iyjmhuKtUYiw52hVOcvBRMHkWYHpo:YKf1PyKa2anKjm3OYZ2hocvHK
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2