urelas | 9958846ce07a346f9f6e0ac00c48ced3ac057d927a170cf2ae82c7b9051114d9 | Triage

Sharing

General

Target

9958846ce07a346f9f6e0ac00c48ced3ac057d927a170cf2ae82c7b9051114d9
Size

321KB
Sample

240531-a9dfzshg75
MD5

89a9418d44c300c42d5748bdd3d43ee1
SHA1

c2c8e8a017d1de44de1f19335b6852693f39a857
SHA256

9958846ce07a346f9f6e0ac00c48ced3ac057d927a170cf2ae82c7b9051114d9
SHA512

26eaa63a388bd9316971f0633b38e1ab22abf0e5bfd626e68decc17e957ef8cccd9ba32924e7cd07bd70cd1216e1f32ed0b6eded8e16e0b166c79f103fb3a774
SSDEEP

6144:PU0USPuHKKAsgBZg178Z+Snk6Fpwlw8RmuZSz8VdPbMK95BL7jGjFUHpJ+MBx:2SPXSzJSk6FpwlzmupVdjx5B/mFYJ+c

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  9958846ce07a346f9f6e0ac00c48ced3ac057d927a170cf2ae82c7b9051114d9
- Size
  
  321KB
- MD5
  
  89a9418d44c300c42d5748bdd3d43ee1
- SHA1
  
  c2c8e8a017d1de44de1f19335b6852693f39a857
- SHA256
  
  9958846ce07a346f9f6e0ac00c48ced3ac057d927a170cf2ae82c7b9051114d9
- SHA512
  
  26eaa63a388bd9316971f0633b38e1ab22abf0e5bfd626e68decc17e957ef8cccd9ba32924e7cd07bd70cd1216e1f32ed0b6eded8e16e0b166c79f103fb3a774
- SSDEEP
  
  6144:PU0USPuHKKAsgBZg178Z+Snk6Fpwlw8RmuZSz8VdPbMK95BL7jGjFUHpJ+MBx:2SPXSzJSk6FpwlzmupVdjx5B/mFYJ+c
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2