urelas | 4beb8b876c35290dcc4fe31800b5140a754613dc3a07dd97d60d376227b2d7c8 | Triage

Sharing

General

Target

4beb8b876c35290dcc4fe31800b5140a754613dc3a07dd97d60d376227b2d7c8
Size

399KB
Sample

240530-1ew8qaac21
MD5

d95620e95fc27136f7ed060ca4ddad5f
SHA1

495fe9777d72145a86e2ba49a6718a57e41cba39
SHA256

4beb8b876c35290dcc4fe31800b5140a754613dc3a07dd97d60d376227b2d7c8
SHA512

5603240c90411e55ec0afc2379a135d693effdbf2765983bfa12b82cd2006b07bf19694ad415db8211c8d9f4200146e0cafd88bcda0ccdaaa4085957552a5d01
SSDEEP

6144:1sa1jZVgy03se7k5kBTTg7YMz6j8GuHEqqtKKUrBwj3bT3RzV:rtVgyuse2kBXg7Cj81cKK7jfRV

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  4beb8b876c35290dcc4fe31800b5140a754613dc3a07dd97d60d376227b2d7c8
- Size
  
  399KB
- MD5
  
  d95620e95fc27136f7ed060ca4ddad5f
- SHA1
  
  495fe9777d72145a86e2ba49a6718a57e41cba39
- SHA256
  
  4beb8b876c35290dcc4fe31800b5140a754613dc3a07dd97d60d376227b2d7c8
- SHA512
  
  5603240c90411e55ec0afc2379a135d693effdbf2765983bfa12b82cd2006b07bf19694ad415db8211c8d9f4200146e0cafd88bcda0ccdaaa4085957552a5d01
- SSDEEP
  
  6144:1sa1jZVgy03se7k5kBTTg7YMz6j8GuHEqqtKKUrBwj3bT3RzV:rtVgyuse2kBXg7Cj81cKK7jfRV
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2