urelas | 6cd2196539fae6a03d8e45e8e74d6d0b8e13288ec55a24dcce42e6282d33bc3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6cd2196539fae6a03d8e45e8e74d6d0b8e13288ec55a24dcce42e6282d33bc3e
Size

322KB
Sample

240419-2l67yahd67
MD5

c5f6b9312e45926c423a5169b31ab73c
SHA1

11527c0e86602b2e7cd75c06358d3f7ac521ffc8
SHA256

6cd2196539fae6a03d8e45e8e74d6d0b8e13288ec55a24dcce42e6282d33bc3e
SHA512

3560208317666a7a580f7b6c5a00a761965cf500abb8f5f3d5136c8bf4ae015b530170e3d9c810e506a836b9641571ad9d0699fa9666cf228acd0694a49195ac
SSDEEP

6144:TOAztL6W+JJMPkZ5tJb52Wd83erDPKmjxTz7HbYcPCVYhg+KI1:TOMFwMPkDH/QiPLxvzblu2FKe

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  6cd2196539fae6a03d8e45e8e74d6d0b8e13288ec55a24dcce42e6282d33bc3e
- Size
  
  322KB
- MD5
  
  c5f6b9312e45926c423a5169b31ab73c
- SHA1
  
  11527c0e86602b2e7cd75c06358d3f7ac521ffc8
- SHA256
  
  6cd2196539fae6a03d8e45e8e74d6d0b8e13288ec55a24dcce42e6282d33bc3e
- SHA512
  
  3560208317666a7a580f7b6c5a00a761965cf500abb8f5f3d5136c8bf4ae015b530170e3d9c810e506a836b9641571ad9d0699fa9666cf228acd0694a49195ac
- SSDEEP
  
  6144:TOAztL6W+JJMPkZ5tJb52Wd83erDPKmjxTz7HbYcPCVYhg+KI1:TOMFwMPkDH/QiPLxvzblu2FKe
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2