urelas | f99f1512a2d35602bb3db07ad0efdfa37b1761cf9a83406d20bb9a6a13c83960 | Triage

Sharing

General

Target

f99f1512a2d35602bb3db07ad0efdfa37b1761cf9a83406d20bb9a6a13c83960
Size

426KB
Sample

240421-fgwpraca3x
MD5

0b024e5dbd4ba368789b4480aa83fd58
SHA1

98837828dd73c773afac3f302d6ad1d397c7bb3c
SHA256

f99f1512a2d35602bb3db07ad0efdfa37b1761cf9a83406d20bb9a6a13c83960
SHA512

23cd8a4e9a3a706442fd427716feffd2bbcd35b4f25910a8b18448b284952db23ae48a762d5b9e3fbaa865abf48f425781fce8efdd86e01ff6f377f674b3f0e6
SSDEEP

6144:to3wRi+1Py3V0a2WkQ6P9N2Y/Op9eXQ6fU//BFuHt07Vx9UlT:w6f1PyKa2u6P9N2y3U/mHyUT

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  f99f1512a2d35602bb3db07ad0efdfa37b1761cf9a83406d20bb9a6a13c83960
- Size
  
  426KB
- MD5
  
  0b024e5dbd4ba368789b4480aa83fd58
- SHA1
  
  98837828dd73c773afac3f302d6ad1d397c7bb3c
- SHA256
  
  f99f1512a2d35602bb3db07ad0efdfa37b1761cf9a83406d20bb9a6a13c83960
- SHA512
  
  23cd8a4e9a3a706442fd427716feffd2bbcd35b4f25910a8b18448b284952db23ae48a762d5b9e3fbaa865abf48f425781fce8efdd86e01ff6f377f674b3f0e6
- SSDEEP
  
  6144:to3wRi+1Py3V0a2WkQ6P9N2Y/Op9eXQ6fU//BFuHt07Vx9UlT:w6f1PyKa2u6P9N2y3U/mHyUT
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2