urelas | 3899a4f6b1d7227ce2120f8d25eb74809d6558b4cf95abfc4d2889c9569dc272 | Triage

Sharing

General

Target

3899a4f6b1d7227ce2120f8d25eb74809d6558b4cf95abfc4d2889c9569dc272
Size

516KB
Sample

240608-1alleshc67
MD5

d200af10617c97ddd4fa9eb866c715ad
SHA1

c3080251af403cc47cb9afa243b838ac11c6214c
SHA256

3899a4f6b1d7227ce2120f8d25eb74809d6558b4cf95abfc4d2889c9569dc272
SHA512

21fe0d992b7c83ed8d2e813cff68918c861ffa65b21ff8a5dc9984f789800db0aa4392ce8a153df3b471c67e5f830754cf81b11b27bb88d96be3cfb167059202
SSDEEP

12288:RyPHijVSuJqu4kw6eDPvjJ81VGqK6GvPN:RuCTq4w6or+GnV

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  3899a4f6b1d7227ce2120f8d25eb74809d6558b4cf95abfc4d2889c9569dc272
- Size
  
  516KB
- MD5
  
  d200af10617c97ddd4fa9eb866c715ad
- SHA1
  
  c3080251af403cc47cb9afa243b838ac11c6214c
- SHA256
  
  3899a4f6b1d7227ce2120f8d25eb74809d6558b4cf95abfc4d2889c9569dc272
- SHA512
  
  21fe0d992b7c83ed8d2e813cff68918c861ffa65b21ff8a5dc9984f789800db0aa4392ce8a153df3b471c67e5f830754cf81b11b27bb88d96be3cfb167059202
- SSDEEP
  
  12288:RyPHijVSuJqu4kw6eDPvjJ81VGqK6GvPN:RuCTq4w6or+GnV
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2