urelas | d6fe3467513e311f10bd55be380a63a7f02c26cbcb04fae71baaf26e7d23c0f1 | Triage

Sharing

General

Target

d6fe3467513e311f10bd55be380a63a7f02c26cbcb04fae71baaf26e7d23c0f1
Size

137KB
Sample

240526-d347xaea89
MD5

0c50e46ede72ec0c96964dc4088a61dc
SHA1

34c69a48fc40bed19b99bde78e1504ec19cbcf80
SHA256

d6fe3467513e311f10bd55be380a63a7f02c26cbcb04fae71baaf26e7d23c0f1
SHA512

7f5568062a798eeee00b32df999019fb7cbafeab4e1b651c048db41ca4e69945166227db8da601ec4d345f359e61c4e60b3bf136c6f6650d51d04d645a03d1a5
SSDEEP

1536:X2nrJLwAXDtIBcUyk+8CooNvy3GNbcq7+sWjcd2x64Tb/pe6An8c:GtpCP+/oGvWSld2x64Tb/p7Dc

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  d6fe3467513e311f10bd55be380a63a7f02c26cbcb04fae71baaf26e7d23c0f1
- Size
  
  137KB
- MD5
  
  0c50e46ede72ec0c96964dc4088a61dc
- SHA1
  
  34c69a48fc40bed19b99bde78e1504ec19cbcf80
- SHA256
  
  d6fe3467513e311f10bd55be380a63a7f02c26cbcb04fae71baaf26e7d23c0f1
- SHA512
  
  7f5568062a798eeee00b32df999019fb7cbafeab4e1b651c048db41ca4e69945166227db8da601ec4d345f359e61c4e60b3bf136c6f6650d51d04d645a03d1a5
- SSDEEP
  
  1536:X2nrJLwAXDtIBcUyk+8CooNvy3GNbcq7+sWjcd2x64Tb/pe6An8c:GtpCP+/oGvWSld2x64Tb/p7Dc
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2