urelas | de4e9a1ba10bf41d6ac7c171ead973cfec2dfc77c68cde8a2d74ff503d7e6354 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de4e9a1ba10bf41d6ac7c171ead973cfec2dfc77c68cde8a2d74ff503d7e6354
Size

482KB
Sample

240502-e8wcmaha6t
MD5

c91c8fa301d6fea47594c1cba1805fcb
SHA1

c654a5061a5cdf5e9e0d3cb36a32c8b6e5de01c9
SHA256

de4e9a1ba10bf41d6ac7c171ead973cfec2dfc77c68cde8a2d74ff503d7e6354
SHA512

aee656d0c310ba78c897511febf0b31c7a989da6987cb54ef9da334c06eb81f34bcc45570bd44114fc47595ac19689a5376c7eb46b694ac2fbdf83c116d46e5e
SSDEEP

12288:9PTveekpmU2GxQA5dZWkZK6nPqM+WcD4ellNrr/G:9I24QAhWhWMHD4MlNHG

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  de4e9a1ba10bf41d6ac7c171ead973cfec2dfc77c68cde8a2d74ff503d7e6354
- Size
  
  482KB
- MD5
  
  c91c8fa301d6fea47594c1cba1805fcb
- SHA1
  
  c654a5061a5cdf5e9e0d3cb36a32c8b6e5de01c9
- SHA256
  
  de4e9a1ba10bf41d6ac7c171ead973cfec2dfc77c68cde8a2d74ff503d7e6354
- SHA512
  
  aee656d0c310ba78c897511febf0b31c7a989da6987cb54ef9da334c06eb81f34bcc45570bd44114fc47595ac19689a5376c7eb46b694ac2fbdf83c116d46e5e
- SSDEEP
  
  12288:9PTveekpmU2GxQA5dZWkZK6nPqM+WcD4ellNrr/G:9I24QAhWhWMHD4MlNHG
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2