urelas | 3a56d3836e57abda02f9364285cb813b77a780198b32dad0220e39aac3873e0a | Triage

Sharing

General

Target

3a56d3836e57abda02f9364285cb813b77a780198b32dad0220e39aac3873e0a
Size

321KB
Sample

240610-mj4ayafh4x
MD5

68507d55c249d61d7aac50987cd13b08
SHA1

075e886e5f43dcc2596964041b8ba669ddb73cee
SHA256

3a56d3836e57abda02f9364285cb813b77a780198b32dad0220e39aac3873e0a
SHA512

872d4dbb24ec163e7d4f6143b18cfb3527e0b8203294907cd672810c227d789dcb0dc2bd6271161c4bc8191b72c6dffbe937864f2f3d000020d3e6f072b4e073
SSDEEP

6144:YRclEhSDYNRIu1dQREqjoEv8i/FuXox3+i+Lj2et3uopGYX:YRcISsNnWEmQox3+i+Ljrt+lYX

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  3a56d3836e57abda02f9364285cb813b77a780198b32dad0220e39aac3873e0a
- Size
  
  321KB
- MD5
  
  68507d55c249d61d7aac50987cd13b08
- SHA1
  
  075e886e5f43dcc2596964041b8ba669ddb73cee
- SHA256
  
  3a56d3836e57abda02f9364285cb813b77a780198b32dad0220e39aac3873e0a
- SHA512
  
  872d4dbb24ec163e7d4f6143b18cfb3527e0b8203294907cd672810c227d789dcb0dc2bd6271161c4bc8191b72c6dffbe937864f2f3d000020d3e6f072b4e073
- SSDEEP
  
  6144:YRclEhSDYNRIu1dQREqjoEv8i/FuXox3+i+Lj2et3uopGYX:YRcISsNnWEmQox3+i+Ljrt+lYX
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2